Re: System Quarantining

From: Karl Levinson, mvp (
Date: 09/14/05

Date: Tue, 13 Sep 2005 23:05:59 -0400

"p" <> wrote in message
> Does anyone know of any products that will quarantine systems that do
> not have the most updated MS Critical Patches? We have LANDesk and
> looking into that. I know Cisco has MARS and another security package.
> Basically, we have workstations we deploy patches to that we control.
> However, we have many laptops that we do not control, but want to
> ensure they have updated patches.

There are a number of products that do that. Besides the products you
mentioned, Microsoft has Windows 2003 which comes with Quarantine Server at
no extra cost, and I believe Sygate has a similar product.

You may not need a quarantine product necessarily. There are products like
Microsoft WSUS [also free] and McAfee ePolicy Orchestrator that will detect
new unmanaged computers on the network, detect whether patches are
installed, and push the needed patches or take other actions necessary.
Infected systems will be on the network, but not for long, and the cost and
administrative overhead may be less.