About network isolation

March 5, 2024

ID 220372

Kaspersky Endpoint Detection and Response Optimum provides the ability to isolate devices from the network on demand (manually) or as an automatic action in response to detected threats.

After network isolation is enabled, the application terminates all active TCP/IP connections and blocks all new TCP/IP network connections on isolated devices, except for the connections listed below:

  • Connections specified as network isolation exclusions.
  • Connections initiated by the services of a compatible EPP application.
  • Connections initiated by Kaspersky Security Center Network Agent.

You can apply network isolation to a device manually in the EPP application settings on the device or in the alert details. It can also be applied automatically as a result of alert response actions when the IOC Scan task is performed. You can unblock an isolated device manually from the alert details, in the EPP application settings on the device, or from the command line. You can also configure a period after which network isolation will be disabled automatically.

You can configure network isolation exclusions. Network connections that meet the specified exclusion conditions will not be blocked on devices after network isolation is enabled.

For more information on managing network isolation manually using the EPP application settings on the device, configuring the settings to automatically apply network isolation using a Kaspersky Security Center policy, configuring exclusions, and managing network isolation using the command line, refer to the Kaspersky Endpoint Security for Windows Help and Kaspersky Endpoint Agent Help.
