Title of invention: Systems and methods for protecting networks from infected computing devices
Abstract: A computer-implemented method for protecting networks from infected computing devices may include providing a computing system with a first level of access to a network. The method may also include determining that the computing system is infected with malware. The method may further include determining that the computing system cannot autonomously neutralize the malware. The method may additionally include modifying by an endpoint management system a network access control policy that controls network access of the first computing system. Various other methods, systems, and computer-readable media are also disclosed.
Publication number: US8806638(B1) Publication date: 2014.08.12
Application number: US201012965075 Application date: 2010.12.10
Applicant: Symantec Corporation Inventor: Mani SivaShakthivel
Classification: G06F21/00 Main classification: G06F21/00
Agency: ALG Intellectual Property, LLC Agent: ALG Intellectual Property, LLC
Main claim: 1. A computer-implemented method for protecting networks from infected computing devices, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising: providing a computing system with a first level of access to a network, the computing system being managed by an endpoint management system that controls the computing system's access to the network; determining that the computing system is infected with malware by performing one of: detecting diminished system performance without detecting explicit evidence of malware; detecting explicit evidence of malware; determining that the computing system cannot autonomously neutralize the malware at least in part by: periodically checking, by the endpoint management system, a flag to determine whether the computing system is infected with malware; executing software by the computing device in an attempt to autonomously neutralize the malware; setting the flag by the computing device indicating that the attempt by the software to autonomously neutralize the malware failed; reading the flag by the endpoint management system and determining that the flag is set; in response to the determining that the computing system cannot autonomously neutralize the malware, modifying by the endpoint management system a network access control policy to alter the computing system's first level of access to the network to a second level of access to the network, the second level providing more limited access to the network than the first level.
Address: Mountain View CA US