
Configure exceptions that allow network traffic to and from isolated endpoints.

Isolating endpoints is a proven tool for mitigating security incidents. However, network isolation sometimes hinders incident response, as trusted channels in your environment are also blocked. The Response Management app allows you to specify inbound and outbound network traffic exceptions for specific IPv4 addresses.
Important
You can only allow network traffic for isolated Windows or macOS endpoints running Endpoint Sensor or the Apex One Security Agent.

Procedure

  1. Go to Workflow and Automation > Response Management and click the Settings tab.
  2. Enable Allow network traffic on isolated endpoints and click Edit settings.
    Note
    If you see View settings, you lack the necessary permissions to edit the settings.
  3. Add a network traffic exception.
    1. If you need to add a new inbound or outbound exception, click Add Exception under the Inbound Network Traffic or Outbound Network Traffic sections, respectively.
      Note
      You can specify up to 50 inbound and 50 outbound exceptions.
    2. In the Protocol drop-down list, select which protocol the exception allows.
    3. In the IP address field, enter the IPv4 address of the endpoint.
      Note
      Only standard IPv4 addresses other than 0.0.0.0 are allowed.
    4. In the Port field, specify on which ports to allow network traffic.
      • Select Any to allow network traffic on any port.
      • Select Specific and enter the ports on which to allow network traffic.
        Use commas (,) to separate multiple entries.
  4. In the Status field, choose whether to activate the exceptions after saving.
  5. Click Save.
    Note
    • You must specify at least one inbound or outbound exception to save your settings.
    • The timing of your settings propagating to endpoints depends on the agent.
      • Endpoint Sensor: Exceptions are updated immediately after saving your settings.
      • Apex One Security Agent: Exceptions are updated when the endpoint is isolated.
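
Added example, not part of the product or its documentation: a pre-flight review of a planned exception list against the limits stated in the procedure above, so the list can be checked before it is typed into the console. The dict format, the function name, the protocol values and the 1-65535 port bound are assumptions made for this example.

```python
import ipaddress

MAX_PER_DIRECTION = 50  # limit stated in the procedure

def review_exceptions(planned):
    """Check a planned exception list (hypothetical dict format) before entry.

    Returns (errors, warnings): errors break a rule the procedure states,
    warnings mark entries that deserve a second look from the reviewer.
    """
    errors, warnings = [], []
    counts = {"inbound": 0, "outbound": 0}
    for n, exc in enumerate(planned, start=1):
        direction = exc.get("direction")
        if direction not in counts:
            errors.append(f"#{n}: direction must be inbound or outbound")
            continue
        counts[direction] += 1
        # Only single IPv4 addresses other than 0.0.0.0 are accepted.
        try:
            addr = ipaddress.IPv4Address(exc.get("ip", ""))
            if addr == ipaddress.IPv4Address("0.0.0.0"):
                errors.append(f"#{n}: 0.0.0.0 is not allowed")
        except ValueError:
            errors.append(f"#{n}: {exc.get('ip')!r} is not an IPv4 address")
        ports = exc.get("ports", "Any")
        if ports == "Any":
            warnings.append(f"#{n}: every port is open to {exc.get('ip')}")
            continue
        # Specific ports: comma-separated; the 1-65535 bound is an assumption.
        for item in ports.split(","):
            item = item.strip()
            if not item.isdecimal() or not 1 <= int(item) <= 65535:
                errors.append(f"#{n}: bad port entry {item!r}")
    for direction, count in counts.items():
        if count > MAX_PER_DIRECTION:
            errors.append(f"{direction}: {count} exceptions exceeds {MAX_PER_DIRECTION}")
    if sum(counts.values()) == 0:
        errors.append("at least one inbound or outbound exception is required")
    return errors, warnings

# Constructed sample plan (documentation-range addresses, placeholder protocols).
PLAN = [
    {"direction": "outbound", "protocol": "TCP", "ip": "192.0.2.10", "ports": "443, 8443"},
    {"direction": "inbound", "protocol": "TCP", "ip": "198.51.100.7", "ports": "Any"},
    {"direction": "inbound", "protocol": "TCP", "ip": "0.0.0.0", "ports": "3389"},
    {"direction": "outbound", "protocol": "UDP", "ip": "10.0.0.0/8", "ports": "53,dns"},
]

if __name__ == "__main__":
    errs, warns = review_exceptions(PLAN)
    print("\n".join(errs + warns))
```

Entries that select Any for the port are reported as warnings rather than errors, because the procedure permits them but they open the widest path to an isolated endpoint.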