Containment issue on 4.4.05
There is a known issue in Endpoint 188.8.131.52 where containment fails to work.
Reference: RSA NetWitness Endpoint 184.108.40.206 Release Notes - https://community.rsa.com/docs/DOC-94369
Please upgrade to at least Endpoint 220.127.116.11
Other things to consider if containment still doesn't work:
- Containment is only available for Windows Vista (6.0) and above.
- Containment is not available for Linux or Mac machines.
- Users must be assigned either L2 or Administrator permissions to use any of the machine containment functionality.
- A machine connecting through a RAR cannot be contained until it connects back on the LAN network.
- The Endpoint Agent software must be configured to run in Full Monitoring mode (default), or Full user mode plus modern network tracking (beta).
Reference: RSA NetWitness Endpoint 4.4 User Guide - https://community.rsa.com/docs/DOC-81665
In the Endpoint UI, under Machines, check that the machine you wish to contain is not showing a Driver Error Code problem. The Endpoint Agent software must be fully functioning.