Isolate Endpoint Task

You can take preventive isolation measures on compromised endpoints that may pose a security risk to your network using context menus on the Trend Micro Vision One console.

  1. After identifying the endpoint to isolate, access the context or response menu and click Isolate Endpoint.

    The Isolate Endpoint Task screen appears.

  2. Confirm the targets of the response.
  3. (Optional) Specify a Description for the response or event.
  4. Click Create.

    Trend Micro Vision One creates the task and displays the current command status on the Response Management app.

  5. Monitor the task status.
    1. Open the Response Management app.
    2. (Optional) Locate the task using the Search field or by selecting Isolate Endpoint from the Action drop-down list.
    3. View the task status.
      • In progress... (): Trend Micro Vision One sent the command to the managing server and is waiting for a response

      • Queued (): The server queued the command due to a high volume of requests or because the Security Agent was offline

      • Successful (): The managing server successfully received the command

      • Unsuccessful (): An error or time-out occurred when attempting to send the command to the managing server

      Important:

      The Task status indicates whether the managing server was able to successfully receive and execute the command. If the command target is a Security Agent, the Task status does not necessarily indicate whether the target Security Agent or object successfully executed the command.

    After resolving the security issue on the isolated endpoint, you can restore network connectivity using the options button () in the Response Management app.

    For more information, see Restore Connection Task.