When responding to threats, users with the Senior security officer role can isolate hosts with detected objects that require your attention when investigating the incident.
Network isolation is not a Threat Response action by itself. The security officer should take steps to investigate the incident on his own while the network isolation is active for the host. You can configure the duration of host network isolation when you create the network isolation rule.
Network isolation is available for hosts with Kaspersky Endpoint Agent version 3.8 or newer.
To ensure correct operation of an isolated host, it is recommended to meet the following conditions:
Isolated hosts can access the following resources over the network:
If there is no connection between the isolated host and the server with the Central Node component for more than 5 hours, the network isolation rule is automatically disabled.
In cases when Kaspersky Endpoint Agent is turned off on the host, and also for a certain period of time after turning on Kaspersky Endpoint Agent or rebooting the computer with Kaspersky Endpoint Agent, network isolation of the host may be inactive.
Keep in mind several limitations when applying network isolation.