Configuring the automatic disabling of network isolation

You can configure network isolation to be disabled automatically after a specified period of time:

• In the device properties.

  Configuring automatic disabling of network isolation in the properties of a device is not available if the policy is applied to the device.

• In the policy properties.

  The settings for automatically disabling network isolation specified in policy properties apply only to devices that were isolated as a result of detected Indicators of Compromise (IOC) during an IOC Scan task.

By default, the application disables network isolation 5 hours after it is enabled. With network isolation disabled, the device can operate on the network without restrictions.

Configuring the automatic disabling of network isolation in the device properties

To configure the automatic disabling of device network isolation:

1. In the main window of the Web Console or Kaspersky Security Center Cloud Console, select Assets (Devices) → Managed devices.

   The list of managed devices opens.

2. Select the administration group containing the necessary device. To do so, click the link in the Current path field above the list of managed devices and select an administration group in the window that opens.

   The list displays only the managed devices for the selected administration group.

3. Find your device in the list and click on its name.
4. This opens a managed device properties window; in that window, go to the Applications tab.
5. In the list of applications installed on the device, click the name of the Kaspersky Endpoint Security 12.1 for Linux application.

   The application properties window opens.

6. Go to the Application settings tab.
7. Go to Detection and Response → Endpoint Detection and Response Optimum section.
8. Under Network isolation, click Configure device unblocking.
9. This opens the Configure device unblocking window; in that window, specify the device unblocking settings.

   Device unblocking settings

   Setting	Description
   Unblock an automatically isolated device after:	This check box enables or disables automatic unblocking of an isolated device after the time period specified in the Hours input field. The check box is selected by default.
   Hours	Input field for the amount of time (in hours) after which an isolated device will be automatically unblocked. This field is active only if the Unblock an automatically isolated device after check box is selected.

10. Save your changes.

Configuring the automatic disabling of network isolation in the policy properties

To configure the automatic disabling of device network isolation:

1. In the main window of the Web Console or Kaspersky Security Center Cloud Console, select Assets (Devices) → Policies and profiles.

   The list of policies opens.

2. Select the administration group containing the devices to which the policy is applied. To do so, click the link in the Current path field in the upper part of the window and select the administration group in the window that opens.

   The list displays the policies configured for the selected administration group.

3. Click the name of the required policy in the list.

   The policy properties window opens.

4. Go to the Application settings tab.
5. Go to Detection and Response → Endpoint Detection and Response Optimum section.
6. Under Network isolation, click Configure device unblocking.
7. This opens the Configure device unblocking window; in that window, specify the device unblocking settings.

   Device unblocking settings

   Setting	Description
   Unblock an automatically isolated device after:	This check box enables or disables automatic unblocking of an isolated device after the time period specified in the Hours input field. The check box is selected by default.
   Hours	Input field for the amount of time (in hours) after which an isolated device will be automatically unblocked. This field is active only if the Unblock an automatically isolated device after check box is selected.

8. Save your changes.

Page top