Kaspersky Endpoint Agent can isolate devices from the network on demand (manually) or automatically in response to detections.
After enabling network isolation, the application breaks all active network connections on the devices and blocks all new TCP/IP network connections, except for the connections listed below:
Enabling and disabling network isolation
Network isolation of the device can be enabled manually or automatically in response to detections.
Network isolation can be disabled automatically after a specified period of time or manually.
If the Automatically disable network isolation after check box is not selected in the network isolation settings and the time interval is not specified, network isolation will be disabled automatically five hours after it was enabled.
After network isolation is disabled, the device can work in the network without the restrictions imposed by Kaspersky Endpoint Agent during network isolation.
Network isolation exclusions
You can configure network isolation exclusions. Network connections that meet the conditions of the specified rules will not be blocked on the devices after network isolation is enabled.
To simplify configuration of network isolation exclusions, a list of network profiles (sets of predefined rules) is available in the application. The list and contents of the network profiles cannot be edited.
Exclusions can be specified both as part of network profiles and separately. Exclusions specified separately from the network profiles are called custom exclusions.
By default, exclusions include network profiles consisting of rules that ensure uninterrupted operation of devices with the DNS/DHCP server and DNS/DHCP client roles.
If you change the settings of an exclusion that was specified in a network profile, this exclusion becomes a custom exclusion.
Exclusions specified in the policy properties are applied only if network isolation is automatically enabled by the application in response to a detection. Exclusions specified in the device properties are applied only if network isolation is enabled manually.
The active policy does not block the usage of network isolation exclusions specified in the device properties, since the scenarios for applying these settings are different.