Sophos Isolation Notice

This article applies to the following operating system(s):

Windows
Apple macOS

Overview

This article outlines:

NOTE: Due to the nature of device isolation, this article is mainly presented as a resource for Local Support/TSPs to identify an isolated machine.

Isolation Notice

A pop-up will appear in the taskbar indicating that the device has been isolated from all network capabilities:

 

Restrictions

Devices that have been isolated will be unable to access network resources of any kind, including:

  • Internet
  • Networked drives
  • New email (sending and receiving)

 

Open the "Sophos Endpoint" menu to check the status:

Reasons for Isolation

Isolation can often, but not always, be attributed to one of the following, unless an exception has been made:

  • Devices that exhibit behavior consistent with an active infection
    • Regular and reoccurring notices implying an underlying infection that hasn't been mitigated
    • 2+ types of malware notices present simultaneously, which might indicate an active and spreading infection
    • Critical notices with a severity that, as determined by the analyst, warrants isolation
    • Device owners who remain unresponsive to prolonged notices, over 3 days, from unmitigated infections
    • See also APM 30.14 Proactive UI Network Security Measures
  • Devices that have software or operating systems past End-of-Life (EOL) and are highly susceptible to attack
    • e.g., Windows 7

What Next?

 

  • Local Support / TSP:

    • Determine and complete the level of remediation necessary

    • Network capabilities will be restored to the device when ITS Security is notified of completed remediation

 

Removed from Isolation Notice

Similar to an Isolation Notice, a Removed from Isolation notice will appear in the taskbar:

 

Resources

Details

Article ID: 1863
Created: Fri 3/26/21 4:18 PM
Modified: Fri 5/20/22 10:09 AM
