Support Center > Search Results > SecureKnowledge Details
Endpoint Host Isolation Technical Level
Solution

Host Isolation is a feature that makes it possible to isolate or allow a specific host (access to network) that is under malware attack and poses a risk of propagation.
Isolation and removing from isolation can be applied on one or more computers.
Feature is available via

  • A dedicated Push operation on Endpoint Security Server R80.40 OR higher, through the web management
  • A "Custom Push Operation" on Endpoint Security Server R81 and higher, through "Smart Endpoint" application.  Follow these instructions:
    • Create a new push operation.
    • In the "Create Push Operation" window > "Select Blade" tab > select "Client Settings".
    • Select "Custom Push".
    • In "Type" field, type "401".
    After completing the push operation creation, the client syncs with the server and applies host isolation. (It could take some time.) Finally, in the client UI under  "Firewall and Application Control" blade > "Policy Details" > "Firewall Policy", you should see "Host Isolation".

    Note: Firewall blade is required.

    To remove from isolation:
    1. Create new push operation.
    2. In the "Create Push Operation" window > "Select Blade" tab, select "Client Settings".
    3. Select "Custom Push".
    4. In "Type" field, type "402".

    After applying isolation, the isolation will remain active until you remove the isolation. It will survive reboot and upgrade. New policy installation will not take effect, but will be saved locally and applied after you remove the isolation.

    During isolation all traffic is dropped except the connection to the management server.

    This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

    Give us Feedback
    Please rate this document
    [1=Worst,5=Best]
    Comment