Quarantine potentially infected Microsoft Defender device (enforced by Gateway)

This automation blocks outgoing traffic from devices on which Microsoft Defender has detected a high severity infection, such as malware or a virus, to prevent the threat from spreading inside the organization. You can set automation parameters such as the quarantine duration and whether the quarantine is applied automatically or only upon the administrator's approval.

Supported Product

  • Check Point Security Management Server (Quantum)

  • Microsoft Defender

Parameters

IP quarantine duration (if admin's approval is required)

Set the expiration period for the automation. This applies only if you have selected the Admin's approval is required for quarantining device IP checkbox. After the expiration, Infinity Playblocks sends a notification requesting the administrator's approval.

IP quarantine duration (automatic prevention)

Set the expiration period for the automations that are executed automatically (without the administrator's approval).

The default duration is 1 day.

Admin's approval is required for quarantining device IP

Select the checkbox if you want the administrator's approval to be required before the automation executes. It is recommended that you leave the Admin's approval is required for quarantining device IP checkbox unselected.

Open ticket if device was isolated

Select the checkbox if you want a ticket to be opened when a device is isolated.

Trigger

The automation is triggered when Microsoft Defender identifies a device as infected.
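The following is an added model of how the trigger and the parameters above combine (only high severity alerts act, approval-required versus automatic prevention, separate expiry periods, optional ticket); it is illustration code, not Check Point's or Microsoft's, and the alert fields, parameter names and sample alerts are constructed assumptions.

```python
# Added illustration of the automation's decision rules (not Check Point's or
# Microsoft's code). Alert fields and parameter names are assumptions that
# mirror the Parameters and Trigger sections above.
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Params:
    approval_required: bool = False                    # "Admin's approval is required" checkbox
    approval_duration: timedelta = timedelta(days=1)   # expiry of a pending approval request
    auto_duration: timedelta = timedelta(days=1)       # expiry of an automatic block (default 1 day)
    open_ticket: bool = False                          # "Open ticket if device was isolated"

@dataclass
class Decision:
    action: str                      # "none", "pending_approval" or "quarantined"
    device_ip: Optional[str]
    expires_at: Optional[datetime]   # when the block or approval request lapses
    ticket_opened: bool

def decide(alert: dict, params: Params, now: datetime) -> Decision:
    """Map one Defender alert (constructed dict: 'severity', 'device_ip') to an action."""
    if str(alert.get("severity", "")).lower() != "high":
        return Decision("none", None, None, False)          # only high severity triggers
    ip = alert["device_ip"]
    if params.approval_required:
        # Nothing is blocked yet; the request waits for an administrator and then expires.
        return Decision("pending_approval", ip, now + params.approval_duration, False)
    # Automatic prevention: outbound traffic from the device IP is blocked at the gateway.
    return Decision("quarantined", ip, now + params.auto_duration, params.open_ticket)

def still_active(d: Decision, now: datetime) -> bool:
    """True while the block or approval request has not yet expired."""
    return d.expires_at is not None and now < d.expires_at

NOW = datetime(2024, 1, 1, 12, 0)                    # constructed reference time
SAMPLE_ALERTS = [                                    # constructed alerts, not real Defender data
    {"severity": "High", "device_ip": "10.0.0.5"},
    {"severity": "Medium", "device_ip": "10.0.0.6"},
]

def run_demo(params: Params) -> list:
    """Apply one parameter set to the constructed alerts and return the decisions."""
    return [decide(a, params, NOW) for a in SAMPLE_ALERTS]

if __name__ == "__main__":
    for d in run_demo(Params(open_ticket=True)):
        print(d.action, d.device_ip, d.expires_at, "ticket" if d.ticket_opened else "")
```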


Flow