About network isolation

March 20, 2024

ID 221324

Kaspersky Endpoint Detection and Response Expert provides the ability to isolate devices from the network on demand (manually) or as an automatic action in response to detected threats.

After enabling network isolation, the application breaks all active network connections on the devices and blocks new TCP/IP network connections, except for the connections listed below:

  • Connections specified as network isolation exclusions
  • Connections initiated by the services of a compatible EPP application
  • Connections initiated by Kaspersky Security Center Network Agent

A device can be isolated from the network manually, by applying the EPP application settings on the device or from the alert details, or automatically, as a result of a detection response action when the IOC Scan task is performed. You can unlock an isolated device manually from the alert details, in the EPP application settings on the device, or from the command line. You can also configure the period after which network isolation is disabled automatically.

You can configure network isolation exclusions. Network connections that meet the conditions of the specified exclusion will not be blocked on the devices after network isolation is enabled.

For more information on managing network isolation manually by using the EPP application settings on the device, configuring the settings to automatically apply network isolation by using the Kaspersky Security Center policy, and configuring exclusions and the ability to manage network isolation by using the command line, refer to Kaspersky Endpoint Security for Windows Online Help.
