Network isolation of Kaspersky Endpoint Agent hosts

When responding to threats, users with the Senior security officer role can isolate hosts on which objects were detected that require attention during the incident investigation.

Network isolation is available for hosts with Kaspersky Endpoint Agent version 3.8 or newer.

Network isolation is not a Threat Response action by itself. While network isolation is active for the host, the security officer should independently take steps to investigate the incident. You can configure the duration of host network isolation when you create the network isolation rule.

To ensure correct operation of an isolated host, it is recommended to meet the following conditions:

Isolated hosts can access the following resources over the network:

If there is no connection between the isolated host and the server with the Central Node component for more than 5 hours, the network isolation rule is automatically disabled.

Network isolation of the host may be inactive while Kaspersky Endpoint Agent is turned off on the host, and also for a certain period of time after Kaspersky Endpoint Agent is turned on or the computer with Kaspersky Endpoint Agent is rebooted.

You can also manage network isolation using the Kaspersky Security Center Administration Console. It is recommended to manage network isolation either only in Kaspersky Security Center or only in Kaspersky Anti Targeted Attack Platform. Correct functioning is not guaranteed when network isolation is managed from the interfaces of both programs.

Some limitations apply when network isolation is used.

In this Help section

Creating a network isolation rule

Adding an exclusion from a network isolation rule

Deleting a network isolation rule

Limitations that are relevant to network isolation
