This article applies to the following operating system(s):
Windows
Apple macOS
Overview
This article outlines:
NOTE: Due to the nature of device isolation, this article is mainly presented as a resource for Local Support/TSPs to identify an isolated machine.
Isolation Notice
A pop-up in the taskbar will appear which indicates the device has been isolated from all network capabilities:
Restrictions
Devices that have been isolated will be unable to access network resources of any kind, including:
- Internet
- Networked drives
- New email (sending and receiving)
Open the "Sophos Endpoint" menu to check the status:
Reasons for Isolation
Isolation can often, but not always, be attributed to one of the following, unless an exception has been made:
- Devices that exhibit behavior consistent with an active infection
- Regular and recurring notices implying an underlying infection that hasn't been mitigated
- 2+ types of malware notices present simultaneously, which might indicate an active and spreading infection
- Critical notices whose severity, as determined by the analyst, warrants isolation
- Device owners who are unresponsive to notices from unmitigated infections that have persisted for over 3 days
- See also APM 30.14 Proactive UI Network Security Measures
- Devices that have software or operating systems past End-of-Life (EOL) and are highly susceptible to attack
What Next?
Removed from Isolation Notice
Similar to an Isolation Notice, a Removed from Isolation notice will appear in the taskbar:
Resources