When responding to threats, users with the Senior security officer role can isolate hosts with detected objects that require your attention during the incident investigation.
Network isolation is not a Threat Response action by itself. The security officer should take steps to investigate the incident on his own while the network isolation is active for the host. You can configure the duration of host network isolation when you create the network isolation rule.
If you are using Kaspersky Endpoint Agent for Windows as the Endpoint Agent component, network isolation is available for hosts with the Kaspersky Endpoint Agent application version 3.8 and later.
To ensure correct operation of an isolated host, it is recommended to meet the following conditions:
Isolated hosts can access the following resources over the network:
In cases when the Endpoint Agent component is turned off on the host, and also for a certain period of time after turning on th component or restarting the computer with the component, network isolation of the host may be inactive.
Keep in mind several limitations when applying network isolation.