Creating a network isolation rule

To create a network isolation rule:

1. Select the Endpoint Agents section in the window of the application web interface.

   This opens the table of hosts.

2. Select the host for which you want to enable or disable the network isolation rule.

   This opens a window containing information about the host.

3. Click Isolate.
4. In the Disable isolation after field, enter the time in hours (1 to 9999) during which network isolation of the host will be active.
5. In the Exclusions for the host isolation rule settings group, in the Traffic direction list, select the direction of network traffic that must not be blocked:
   • Incoming/Outgoing.
   • Incoming.
   • Outgoing.
6. In the IP field, enter the IP address whose network traffic must not be blocked.

   If you are using Kaspersky Endpoint Agent in the role of the Endpoint Agent component, you can use a proxy server for the connection of Kaspersky Endpoint Agent for Windows with Kaspersky Anti Targeted Attack Platform. When you add this proxy server to exclusions, network resources that can be accessed through the proxy server are also added to exclusions. If network resources that are accessed through the proxy server are added to exclusions, but the proxy server itself is not, such exclusions do not work.

7. If you selected Incoming or Outgoing, in the Ports field, enter the connection ports.
8. If you want to add more than one exclusion, click Add and repeat the steps to fill in the Traffic direction, IP and Ports fields.
9. Click Save.

The host will be isolated from the network.

You can also create a network isolation rule by clicking the Isolate <host name> link in the event information and in the alert information.

Users with the Security auditor and Security officer roles cannot create network isolation rules.

The network isolation feature is not available for hosts where Kaspersky Endpoint Agent for Linux and Kaspersky Endpoint Security for Linux are used as the Endpoint Agent component.