Manually configuring network isolation

To manually isolate a device from the network, you need integration with Kaspersky Endpoint Detection and Response Optimum.

If you manually enable network isolation for a device, you can pre-configure network isolation using the Enabling network isolation (NetworkIsolationStart) local task. You can configure network isolation exclusions and the duration of network isolation for a device.

Enabling network isolation is a predefined task and runs only automatically in the following cases:

• If you click the Isolate device from the network button in the device properties.
• If you enable network isolation of the device in the alert details window.

You cannot create a new instance of the Enabling network isolation task by clicking the Add button or run the task by clicking the Start button. This task is only available in the device properties, where you can change its settings before enabling network isolation for the device.

The Enabling network isolation task settings apply regardless of whether a policy is applied to the device.

To configure the network isolation parameteres for a device:

1. In the main window of the Web Console, select Assets (Devices) → Managed devices.

   The list of managed devices opens.

2. Select the administration group containing the necessary device. To do so, click the link in the Current path field above the list of managed devices and select an administration group in the window that opens.

   The list displays only the managed devices for the selected administration group.

3. Find your device in the list and click its name.
4. This opens a managed device properties window; in that window, go to the Tasks tab.
5. In the task list, click the Enabling network isolation task.

   The task properties window opens.

6. Go to the Application settings tab.
7. Click the Configure exclusions link to open the Exclusions window.
8. In the window that opens, use the buttons above the table to perform the necessary action:
   • If you want to add information about an excluded network connection, do so in one of the following ways:
     • Click the Add button and enter information about the network connection.
     • Click the Add from profile button and select a network profile from the dictionary.
   • If you want to delete information about an excluded network connection, select the check box next to the network connection to be removed and click the Remove button.
9. Click OK.
10. Enter the desired duration of network isolation of the device, in hours, in the Isolate the device for field.

    The default duration of network isolation is 5 hours.

    The minimum duration of network isolation is 1 hour.

11. Click the Save button to save the changes made.

Page top