Computer network isolation

Computer network isolation allows automatically isolating a computer from the network in response to the detection of an indicator of compromise (IOC) – this is the automatic mode. You can turn on Network isolation manually while you are investigating the detected threat – this is the manual mode.

When Network isolation is turned on, the application severs all active connections and blocks all new TCP/IP network connections on the computer except the following connections:

You can configure the component settings only in the Web Console.

Automatic Network isolation mode

You can configure Network isolation to be turned on automatically in response to an IOC detection. You can configure the automatic Network isolation mode with a group policy.

How to configure Network isolation to be turned on automatically in response to an IOC detection

You can configure Network isolation to be turned off automatically after a specified time elapses. By default, the application turns off Network isolation after 8 hours have passed from the time when it was turned on. You can also turn off Network isolation manually (see the instructions below). After turning off network isolation, the computer can use the Network without restrictions.

How to configure the delay for turning off Network isolation of a computer in automatic mode

Manual Network isolation mode

You can manually turn Network isolation on and off. You can configure the manual Network isolation mode using the computer properties in the Kaspersky Security Center console.

You can turn on Network isolation:

How to turn on Network isolation of a computer manually

You can configure Network isolation to be turned off automatically after a specified time elapses. By default, the application turns off Network isolation after 8 hours have passed from the time when it was turned on. After turning off network isolation, the computer can use the Network without restrictions.

How to configure the delay for turning off Network isolation of a computer in manual mode

How to turn off Network isolation of a computer manually

You can also disable Network isolation locally using the command line.

Network isolation exclusions

You can configure Network isolation exclusions. Network connections that match the rules are not blocked on the computer when Network isolation is turned on.

To configure Network isolation exclusions, you can use a list of standard network profiles. By default, exclusions include network profiles containing rules that ensure uninterrupted operation of devices with the DNS/DHCP server and DNS/DHCP client roles. You can also modify the settings of standard network profiles or define exclusions manually (see instructions below).

Exclusions specified in policy properties are applied only if Network isolation is turned on automatically in response to a detected threat. Exclusions specified in computer properties are applied only if Network isolation is turned on manually in computer properties in the Kaspersky Security Center console or in alert details.

An active policy does not prevent applying exclusions from Network isolation configured in computer properties because these parameters have different usage scenarios.

How to add a Network isolation exclusion in automatic mode

How to add a Network isolation exclusion in manual mode

You can also view the Network isolation exclusion list locally using the command line. In this case, the computer must be isolated.

Page top