4.2.4.1 Endpoint Isolation
When Athena EPP detects a security event, it may, after identifying the event, classify the affected endpoint as compromised or at high risk. In this case, you can isolate the endpoint. An isolated endpoint can communicate only with the Athena EPP manager; all other inbound and outbound traffic for the endpoint is denied.
The following figures show an example of privilege escalation in advanced threats. To isolate the endpoint, click Isolate.
To cancel the isolation, click Restore.

As an administrator, you can also isolate an endpoint on which the Athena EPP agent is installed by clicking New and entering the endpoint's IP address.

4.2.4.2 File Quarantine
This page displays logs of quarantined web shell files and file quarantine tasks issued when Athena EPP integrates with other platforms.

4.2.4.3 Access Blocking
You can configure an access control list (ACL) for a compromised endpoint to block access from attackers' IP addresses.

4.2.4.4 Process Killing
When Athena EPP detects a security event, it may, after identifying the event, classify the affected endpoint as compromised or at high risk. In this case, you can kill the processes running on the endpoint.
4.2.4.5 Domain Blocking
When Athena EPP detects a security event, it may, after identifying the event, classify the affected endpoint as compromised or at high risk. In this case, you can isolate the relevant domain name.

Click New, enter the IP address of the endpoint where the Athena EPP agent is installed, and specify the domain name or IP address to be isolated.

This feature is unavailable for Linux operating systems, Windows Server 2008, or Windows Server 2003.

4.2.4.6 Coordinated Response
4.2.4.6.1 Lateral Movement Containment
This page displays the logs of network port-blocking tasks issued when Athena EPP integrates with Athena NGFW and Athena NDR. You can cancel the blocking on Athena EPP as an administrator. 
4.2.4.6.2 Behavioral Containment
This page displays the logs of domain names and process-blocking tasks issued when Athena EPP integrates with Athena NGFW and Athena NDR. You can view the logs on Athena EPP as an administrator. 
4.2.4.6.3 Threat Remediation
This page displays the logs of malicious file removal and rollback tasks issued when Athena EPP integrates with Athena NGFW and Athena NDR. You can view the logs on Athena EPP as an administrator.
For threats that have been removed, you can click Remediation Details to view the details. The administrator can also click Roll Back on Athena EPP to initiate a rollback.

4.2.4.7 Integrate Devices Response
During the Integrate Devices process, the effects that response handling can achieve are as follows:
Athena EPP (On-prem & SaaS) integrated with:

| Function | Description | Athena NDR | Athena NGFW | Athena MDR | Athena XDR |
|---|---|---|---|---|---|
| Endpoint Isolation | It should be capable of restricting a host's network access to block communications between the host and entities outside the managed platform. | ✓ | × | ✓ | ✓ |
| File Quarantine | It should be capable of moving WebShell malicious samples to an isolated directory and encrypting them to prevent WebShell files from being accessed and exploited. | ✓ | × | ✓ | ✓ |
| Process Blocking | It should be capable of restricting a host's requests to specific domains and blocking network connections between the host and those domains. | ✓ | × | ✓ | ✓ |
| Domain Blocking | It should be capable of terminating specified processes to prevent malicious processes from continuing to run. | ✓ | ✓ | ✓ | ✓ |
| Lateral Movement Containment | It should be capable of blocking the network communications of malicious processes to prevent lateral movement attacks within the internal network. | ✓ | × | × | × |
| Behavioral Containment | It should be capable of blocking the creation of malicious processes, execution of malicious files, and external malicious communications to suppress the activities of malicious programs. | ✓ | ✓ | × | × |
| Threat Remediation | It should be capable of blocking malicious processes and removing malicious programs and their remnants to prevent the recurrence and further execution of malicious programs. | ✓ | ✓ | × | × |