I’d like to create a task for XP machines that will block all inbound and outbound network traffic on all NIC’s but still allow the BigFix port. This would effectively quarantine the computer. I’m not sure if I can block outbound packets with the ‘netsh firewall’ commands. Will I need to install and use IPSeccmd.exe? Has anyone done this before?
Turns out that both your scenarios are covered by our existing out of the box functionality.
The BES Support site has a few Fixlets to detect and manage the Windows Firewall.
Search for “Windows Firewall” and you will see the Fixlets. If you look at the Action Script, you can copy and use the commands to block or allow different traffic.
We also has a site call “BES Client Compliance (IPSec Framework)”. It comes from our Endpoint Protection subscription. We do use IPSeccmd.exe to self quarantine the clients.
Hope I am not telling you things you already know, please ask us again as follow-up.
Thanks, I do not have the Endpoint Protection site (but I do want it). This subscription includes the AV, is that right? Would it be possible to post the IPSeccmd.exe commands you use to do the quarantine? If not I understand, I’ll play with it when I get some more time.