Quarantining computers

You can quarantine Microsoft Windows computers from the Manage Vulnerable Computers dashboard.

Before you begin

You must have the policy action set up for quarantining, as described in the Requirements section.

About this task

The Computers tab in the Manage Vulnerable Computers dashboard provides you with a view of all the computers that you manage as a BigFix operator. You can view the computer ID, the computer name, risk scores, quarantine state, and the CVEs associated with computers. You can also quarantine computers.

You can quarantine only one computer at a time. To quarantine a computer, you run a Fixlet® that identifies the computer to be quarantined. The quarantine policy action Fixlet®, which continuously enforces the policy, then quarantines that computer.

The quarantine and un-quarantine feature is available only for Microsoft Windows computers.

Complete the following steps to quarantine a Microsoft Windows computer.

Procedure

  1. From the Manage Vulnerable Computers dashboard, click the Computers tab. From the CVEs and QRadar Computer Risk Score columns, you can view the number of CVEs and risk scores associated with the computers. In particular, the QRadar Computer Risk Score column provides enriched risk assessment data from QRadar® and identifies the computers that are most at risk.
  2. Select a Microsoft Windows computer that you want to quarantine.
  3. Click Quarantine Computer. If your BigFix console is earlier than version 9.2.6, all computers are loaded in the Take Action screen, rather than only the computer that you selected in the previous step. To load only the computer that you selected, upgrade your console to version 9.2.6 or later before proceeding.
  4. From the Take Action dialog, select the computer. From the Execution tab, you can schedule a time and date for the quarantine.
  5. Click OK to quarantine the computer. After this action completes, the policy action Fixlet® detects that the computer needs to be quarantined and quarantines the computer. It might take some time before the status of the computer is changed to Quarantined on the dashboard. Click the Refresh icon to refresh the data if the Quarantine Status is slow to update.

Results

Only one action is generated for the quarantine Fixlet®. For each subsequent computer that you quarantine, the existing quarantine action is updated to include the most recently quarantined computer. To view the updated action, from the Endpoint Protection domain, select Actions and then select the Quarantine action. Click Reported Computers to see the computers for which the quarantine action has run.