Kaspersky
Solved

EDR-O Network Isolation takes forever

  • 4 June 2021
  • 4 replies
  • 123 views

Hello

I’m using EDR-O and testing the network isolation function.

The Kaspersky Endpoint Agent policy settings are as below.

After isolation starts, it won’t end. Though I waited for more than 30 mins, my device was still isolated. Can you tell me why this happens and how to solve this problem?

 

For what it’s worth, I’m using a connection gateway.

 

Thanks in advance.

 

Yasutoshi Takayama


Best answer by Jose P 8 June 2021, 21:20


Hi @Yasutoshi Takayama,

In order to turn off isolation, please follow the steps here:

Open host with KSC -> ‘Devices/TAGS’
•    Open the device list at the ISOLATED FROM NETWORK tag.
•    Click “View devices”
•    Click on the device name.

To remove the isolation, turn off the tag.
•    Open ‘Tags’ tab
•    Check ‘Isolated from network’ tag and click ‘Unassign tag’

Open device property -> ‘Devices/Managed Devices -> Click <Device name>’
•    Open ‘Application’ tab
•    Click ‘Kaspersky Endpoint Agent’
•    Open ‘Application Settings -> Network isolation’ tab.
•    Click ‘General’.
•    Uncheck "Isolate current device from the network"
•    Click ‘OK’
•    Click ‘Save’

After these steps, the isolation is turned off.

Best,

Victor

Thank you for your support!!!

I understand how to turn off the isolation. 

But I’m still wondering why the “Automatically disable network isolation” function doesn’t work. Do you have any idea on that?

 

Thank you in advance.

Yasutoshi Takayama

 


Greetings Yasutoshi,

You can find information about network isolation here:

About network isolation in Kaspersky Endpoint Agent
https://support.kaspersky.com/KEDR_Optimum/1.0/en-US/196958.htm

Configuring automatic disabling of network isolation
https://support.kaspersky.com/KEDR_Optimum/1.0/en-US/199780.htm

If the issue persists, please contact technical support by opening a support case at https://companyaccount.kaspersky.com/account/login or call 781.503.1880.

Working hours: Mon–Fri, 10:00 am – 5:00 pm (ET)
Excluding company holidays

https://support.kaspersky.com/us/b2b/US

To protect you as our customer, Kaspersky Lab requires any person contacting support to be registered in CompanyAccount. When registering, each person is required to enter a valid company name and contact information.

To register for CompanyAccount click on the link below:
https://companyaccount.kaspersky.com/account/create

*Please note that you will need to log out prior to registering  

Once at this site:
•    Click on "Create now."
•    Enter First name, Last name, Company Name, E-mail address.
•    Upload a key file (.key) or enter your 20 digit activation code.
•    Enter the CAPTCHA code
•    Accept the “terms of Privacy Statement”
•    Click "Create now"
Once completed, you will receive an email with instructions on how to access Kaspersky Lab support.

For more details, click on the link below:
http://support.kaspersky.com/faq/companyaccount_help

 

Regards

Hi @Jose P and @Victor C.,

Sorry for the long silence.

I asked CompanyAccount and the problem was solved.

Here is a summary for anyone who encounters the same problem.

You can specify “Automatically disable network isolation after …” in two places.

  1. Kaspersky Endpoint Agent Policy
  2. Device->Application->KEA->Network Isolation->General Settings

1 is used for IOC scan and 2 is used for isolation from Incident Card.

I set 5 mins in 1 (KEA policy), but the device was set to 30 mins. I isolated the device from the incident card. I expected isolation would finish in 5 mins, but actually 2 was used for isolation from the incident card.

 

Thank you for your support!!!

 

Best Regards,

Yasutoshi Takayama