Isolate a machine

When an attack is serious enough, you may want to isolate the whole machine while you can carry out further investigation and cleanup activities. In the ATP portal, identify the machine you want to isolate and open the Actions menu, and then select Isolate machine. The user will be prompted with a message to warn them of this activity and prompt them to contact the service desk:

As long as the device maintains internet connectivity, we can remotely control its capability to spread infections. This is a very powerful way of centrally controlling actions on devices without the risk of losing business productivity if a false positive is found.

You can undo machine isolation by repeating these steps and choosing to undo machine isolation. The user is not prompted about the undo action, but will regain access to the network once the action applies.