Computer network isolation allows you to automatically isolate a computer from the network in response to the detection of an indicator of compromise (IOC).
When Network isolation is turned on, the application severs all active connections and blocks all new TCP/IP network connections on the computer except the following connections:
Managing Network isolation
You can configure the task for EDR Optimum in Web Console and Cloud Console. Task settings for EDR Expert are available only in Cloud Console.
You can configure Network isolation to be turned on automatically in response to an IOC detection. You can also manually turn Network isolation on and off.
You can turn on Network isolation:
Alert Details is a tool for viewing the entirety of collected information about a detected threat. Alert details include, for example, the history of files appearing on the computer. For details about managing alert details, refer to the Kaspersky Endpoint Detection and Response Optimum Help and the Kaspersky Endpoint Detection and Response Expert Help.
How to configure Network isolation to be turned on automatically in response to an IOC detection
How to turn on Network isolation of a computer manually
You can configure Network isolation to be turned off automatically after a specified time elapses. By default, the application turns off Network isolation after 8 hours have passed from the time when it was turned on. You can also manually turn off Network isolation. After Network isolation is turned off, the computer can use the network without restrictions.
How to configure the delay for automatically turning off Network isolation of a computer
How to turn off Network isolation of a computer manually
You can also disable Network isolation locally using the command line.
Network isolation exclusions
You can configure Network isolation exclusions. Network connections that match the rules are not blocked on the computer when Network isolation is turned on.
To configure Network isolation exclusions, you can use a list of standard network profiles. By default, exclusions include network profiles containing rules that ensure uninterrupted operation of devices with the DNS/DHCP server and DNS/DHCP client roles. You can also modify the settings of standard network profiles or define exclusions manually (see instructions below).
Exclusions specified in policy properties are applied only if Network isolation is turned on automatically in response to a detected threat. Exclusions specified in computer properties are applied only if Network isolation is turned on manually in computer properties in the Kaspersky Security Center console or in alert details.
An active policy does not prevent the application of Network isolation exclusions configured in computer properties, because these settings have different usage scenarios.
How to add a Network isolation exclusion
You can also view the Network isolation exclusion list locally using the command line. In this case, the computer must be isolated.