Kaspersky Endpoint Detection and Response Optimum provides the ability to isolate devices from the network on demand (manually) or as an automatic action in response to detected threats.
After enabling Network isolation, the application terminates all active TCP/IP connections and blocks all new TCP/IP network connections on isolated devices, except for the connections listed below:
You can apply Network isolation to a device manually in the EPP application settings on the device or in the alert details. It can also be applied automatically as a result of alert response actions when the IOC Scan task is performed. You can unblock an isolated device manually from the alert details, in the EPP application settings on the device, or from the command line. You can also configure a period after which Network isolation will be disabled automatically.
You can configure Network isolation exclusions. Network connections that meet the specified exclusion conditions will not be blocked on devices after Network isolation is enabled.
For more information on managing Network isolation manually using the EPP application settings on the device, configuring the settings to automatically apply Network isolation using a Kaspersky Security Center policy, configuring exclusions, and managing Network isolation using the command line, refer to the Kaspersky Endpoint Security for Windows Help, Kaspersky Endpoint Security for Mac Help, Kaspersky Endpoint Security for Linux Help, and Kaspersky Endpoint Agent Help.