With Endpoint Detection and Response, you can use the Endpoint Isolation feature to quarantine an endpoint and prevent infections from spreading across your network environment. For this feature to function properly on managed Windows endpoints, Microsoft's Base Filtering Engine (BFE) service must be enabled on those endpoints.
The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. We recommend you do not disable or turn off this service as it can both compromise Windows endpoint security and also prevent Endpoint Isolation function.
If you have any Windows endpoints with Base Filtering Engine disabled, refer to the following Microsoft or 3rd party support content to enable the service: