Isolating Endpoints

Isolate at-risk endpoints to run an investigation and resolve security issues. Restore the connection promptly when all issues have been resolved.

Required Products

  • Control Manager 7.0 (or later)

  • OfficeScan 11.0 SP1 (or later)

    Important:

    Endpoint isolation requires that you install OfficeScan agents with the OfficeScan firewall enabled on the target endpoints.

Optional Products

  • Endpoint Sensor 1.5 (or later)

  1. Go to Directories > Users/Endpoints.
  2. Select to view endpoints.
  3. Click the name of an endpoint in the list.
  4. On the Endpoint - {name} screen that appears, click Task > Isolate.

    Control Manager disables the Isolate option on endpoints for the following reasons:

    • The agent on the endpoint runs an unsupported version.

    • The user account used to log on to Control Manager does not have the necessary permissions.

  5. A message appears at the top of the Endpoint - {name} screen that allows you to monitor the isolation status. After isolation completes, the message closes and a notification appears on the target endpoint to inform the user.

    If a problem occurs during the isolation process, the message at the top of the Endpoint - {name} screen informs you of the problem.

  6. To view all isolated endpoints on your Control Manager network, click the Endpoints > Filters > Network Connection > Isolated node in the User/Endpoint Directory tree.
  7. Click the Modify Allowed Traffic button to optionally configure allowed inbound and outbound traffic to all isolated endpoints.
    1. Select Control traffic on isolated endpoints.
    2. Expand the Inbound Traffic or Outbound Traffic sections.
    3. Specify the allowed traffic by entering the Protocol, IP Address, and Destination Port.

      Separate multiple destination ports using commas.

    4. Add multiple inbound and outbound entries by clicking the - control to the right of the Destination Port information.
    Note:

    After modifying the allowed traffic settings, all previously isolated endpoints and any endpoints isolated later apply the inbound and outbound traffic settings.

  8. After you have resolved the security threats on an isolated endpoint, restore network connectivity from the following locations:
    • Endpoint - {name}: Click Task > Restore.

    • Endpoints > Filters > Network Connection > Isolated: Select the endpoint row in the table and click Restore Network Connection.

  9. A message appears at the top of the screen that allows you to monitor the restoration status. After restoration completes, the message closes and a notification appears on the target endpoint to inform the user.

    If a problem occurs during the restoration process, the message at the top of the screen informs you of the problem.
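
Because the allowed traffic settings in step 7 apply to every isolated endpoint, it helps to check the planned entries before typing them in. The following script is an added example, not part of Control Manager or the original documentation; the semicolon-separated plan format, the sample addresses, the TCP/UDP protocol list, and the one-host-address-per-entry rule are assumptions.

```python
import ipaddress

# Assumption: the Protocol field offers TCP and UDP; edit to match the console.
PROTOCOLS = {"TCP", "UDP"}

# Constructed sample plan, one entry per line: direction;protocol;ip;ports
PLAN = [
    "outbound;TCP;192.0.2.10;443, 8080,443",
    "inbound;tcp;192.0.2.25;3389",
    "outbound;UDP;192.0.2.53;53,70000",
    "inbound;ICMP;192.0.2.25;0",
    "outbound;TCP;192.0.2.0/24;443",
]

def parse_ports(field):
    """Turn a comma-separated Destination Port field into sorted unique ints."""
    ports = set()
    for part in field.split(","):
        part = part.strip()
        if not part.isdigit() or not 1 <= int(part) <= 65535:
            raise ValueError(f"bad destination port {part!r}")
        ports.add(int(part))
    return sorted(ports)

def check_plan(lines):
    """Return (entries ready to type in, [(line number, problem), ...])."""
    entries, errors = [], []
    for number, line in enumerate(lines, 1):
        try:
            direction, proto, ip, ports = (f.strip() for f in line.split(";"))
            if direction.lower() not in ("inbound", "outbound"):
                raise ValueError(f"unknown direction {direction!r}")
            if proto.upper() not in PROTOCOLS:
                raise ValueError(f"unsupported protocol {proto!r}")
            address = ipaddress.ip_address(ip)  # rejects ranges and typos
            port_field = ",".join(str(p) for p in parse_ports(ports))
            entries.append((direction.lower(), proto.upper(), str(address), port_field))
        except ValueError as problem:
            errors.append((number, str(problem)))
    return entries, errors

if __name__ == "__main__":
    ready, problems = check_plan(PLAN)
    for entry in ready:
        print("OK   ", *entry)
    for number, problem in problems:
        print(f"FIX   line {number}: {problem}")
```

Entries reported as OK have duplicate ports removed and the port list already in the comma-separated form the Destination Port field expects.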