Auto isolation promptly isolates potentially infected endpoints from the network when critical-severity suspicious activity is detected. This lets administrators investigate the threat without it spreading to other endpoints.
This configuration is available for Windows, Linux, and macOS systems. It incorporates options for Networking Isolation and Process Isolation across all supported operating systems, as well as Desktop Isolation specifically for Windows.
Auto isolation is enabled by default for new accounts and will be progressively enabled for existing accounts that have the suspicious activity monitoring and manual isolation policy settings enabled.
If you prefer to isolate endpoints only manually, you can disable auto isolation:
- Go to Configure > Policies.
- Select a policy.
- Select Endpoint Detection and Response policy settings.
- Uncheck Allow automatic isolation of endpoints when critical suspicious activity is found for all operating systems.
For more information, see Endpoint Detection and Response policy settings in OneView.