Team: Huntress Managed Endpoint Detection and Response (EDR)
Product: Managed Defender
Environment: Windows
Summary: Describe Host Isolation Process
Host Isolation Scenario
Host Isolation will take effect after a Huntress Security Operation Center (SOC) Analyst sends the incident report for the infected endpoint.
Scenario: Malicious ransomware is spreading through a partner network
What actions does Huntress take?
1. An Incident Report is automatically opened due to a tripped ransomware canary or some other malware event known to spread too fast across a network.
2. The report is immediately reviewed by a Huntress SOC Analyst to ensure it is not a false positive.
3. The report is sent ASAP and the endpoint is isolated on send.