Endpoint containment automatically (or manually) isolates endpoints when they are associated with malicious detections. If a detection matches one of the following settings, but the setting is disabled, the detection will be escalated to your team.

Critical Assets

Automatically isolates Critical Assets when detections are discovered. Critical Assets are endpoints associated with VIPs in your organization or critical infrastructure. Enable this setting with caution, and only after discussing it with the Wirespeed team. Once this setting is enabled, Critical Assets will only be contained when one of the other settings (e.g. LST or unmitigated malware) is present on the detection and enabled.

Servers

Automatically isolates servers when detections are discovered. Servers are endpoints that are identified as servers in your environment.

Late Stage Tools

When a detection is discovered to be using late stage tools, it is almost guaranteed that an active breach is in progress. This setting is one of our secure default options and should always be enabled.

Unmitigated Malware

Applies when a detection is discovered to be using malware (but not a late stage tool). Many things in an environment may be considered malware without being malicious. It is best to disable this setting until you have a good amount of data to verify how unmitigated malware is represented in your environment.