You can enable network isolation for a device in the following ways:
When you create and configure an IOC Scan task, select the Apply response actions when an IOC is detected and Isolate device from the network check boxes in the Actions on IOC detection section of the task settings. Network isolation is then enabled automatically when the application detects indicators of compromise (IOCs).
Enabling network isolation is available only if integration with Kaspersky Endpoint Detection and Response Optimum is enabled and the EDR Optimum component has the In progress status.
You can disable network isolation for a device in the following ways:
You can disable network isolation in the device properties and on the command line regardless of whether integration with Kaspersky Endpoint Detection and Response Optimum is enabled, whether the EDR Optimum component is enabled, or whether a policy is applied to the device.
You can configure exclusions for network connections that do not need to be isolated when network isolation is enabled.
You can check the network isolation status on the command line.
After network isolation is enabled, the application severs all active network connections on the device and blocks all new TCP/IP network connections, except for the connections listed below:
An isolated EDR Optimum device automatically gets the ISOLATED FROM NETWORK tag. This tag is automatically removed when network isolation is disabled.
For general information on getting a list of isolated devices by tag, see the Kaspersky Endpoint Detection and Response Optimum Help.