How to Network Contain an Infected System with CrowdStrike Falcon
In this video, we will demonstrate how to network contain a system with CrowdStrike Falcon. This capability is also referred to as “network quarantine” or “network isolation” and is typically used by administrators to remove an infected (or possibly infected) system from the network. Containment prevents malware from spreading and prevents an attacker from moving laterally across the network. With CrowdStrike Falcon, once a system is network contained, it can only make network connections to the CrowdStrike cloud infrastructure or to local IPs that are specified by the administrator. It is also possible to un-contain a system after the system is verified as clean.