Kaspersky Endpoint Detection and Response Optimum provides the ability to isolate devices from the network on demand (manually) or as an automatic action to respond to detected threats.
After enabling network isolation, the application breaks all active TCP/IP connections and blocks all new TCP/IP network connections on the devices, except for the connections listed below:
You can apply device network isolation manually in the EPP application settings on the device or in the alert details. It can also be applied automatically as a result of alert response actions when the IOC Scan task is performed. You can unlock an isolated device manually from the alert details, in the EPP application settings on the device, or from the command line. You can also configure the period after which network isolation is disabled automatically.
You can configure network isolation exclusions. Network connections that meet the conditions of the specified exclusion will not be blocked on the devices after network isolation is enabled.
For more information on managing network isolation manually in the EPP application settings on the device, configuring automatic network isolation through a Kaspersky Security Center policy, configuring exclusions, and managing network isolation from the command line, refer to Kaspersky Endpoint Security for Windows Help and Kaspersky Endpoint Agent Help.