About network isolation in Kaspersky Endpoint Agent
November 17, 2023
ID 196958
Kaspersky Endpoint Agent provides the ability to isolate devices from the network on demand (manually) or automatically in response to detections.
After enabling network isolation, the application severs all active network connections on the devices and blocks all new TCP/IP network connections, except for the connections listed below:
- connections specified as network isolation exclusions;
- connections initiated by the services of a compatible EPP;
- connections initiated by the services of Kaspersky Endpoint Agent;
- connections initiated by Kaspersky Security Center Network Agent.
Enabling and disabling network isolation
Network isolation of the device can be enabled manually, or automatically as a response to detections.
Network isolation can be disabled automatically, after a specified period of time, or manually.
If the Automatically end device isolation after check box is not selected in the network isolation settings and the time interval is not specified, network isolation will be disabled automatically after five hours since it was enabled.
After disabling network isolation, the device can work in the network without the restrictions imposed by Kaspersky Endpoint Agent during network isolation.
Network isolation exclusions
You can configure network isolation exclusions. Network connections that meet the conditions of the specified rules will not be blocked on devices after network isolation is enabled.
To simplify the configuration of network isolation exclusions, a list of network profiles (sets of predefined rules) is available in the application. The list and contents of the network profiles cannot be edited.
Exclusions can be specified both as part of network profiles and individually. Exclusions specified separately from network profiles are called custom exclusions.
By default, exclusions include network profiles, which consist of rules that ensure the uninterrupted operation of devices with the DNS/DHCP server and DNS/DHCP client roles.
If you change the settings of the exclusion that was specified in the network profile, this exclusion will become custom.
Exclusions specified in the policy properties are applied only if network isolation is automatically enabled by the application in response to detection. Exclusions specified in the device properties are applied only if network isolation is enabled manually.
The active policy does not block the usage of network isolation exclusions specified in the device properties, since the scenarios for applying these settings are different.
