Isolate a Computer (Windows and Mac Computers)

Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EDR, and WatchGuard EDR Core

You can isolate an at-risk computer to block communication to and from the device. When you isolate a computer, WatchGuard Endpoint Security blocks all communications, except for those it requires. For more information, go to Isolated Computers – Allowed Processes (Windows and Mac Computers).

This feature is compatible with Mac computers and Windows workstations and servers. It is not supported on Linux, iOS, or Android devices.

When a computer is isolated, its communications are restricted, except for access to the computer from the Endpoint Security management UI. This enables you to analyze and resolve any detected problems with the tools in WatchGuard Endpoint Security.

With ThreatSync in WatchGuard Cloud, you can track events and isolate computers across multiple accounts. You can also create automation policies that isolate computers automatically when specific types of incidents occur. For more information, go to About ThreatSync Automation Policies.

To isolate computers, on the Computers page:

  1. In WatchGuard Cloud, select Configure > Endpoints.
  2. Select Computers.
  3. From the left pane, select the My Organization tab.
  4. Next to the computer or group of computers you want to isolate, click .
  5. Select Isolate Computers.
    The Isolate Computers dialog box opens.

Screen shot of WatchGuard Endpoint Security, Isolate Computers dialog box

  6. To exclude a process on the isolated computer and allow it to run, click Advanced Options.

Screen shot of WatchGuard Endpoint Security, Isolate Computers advanced options

  7. In the Allow the Following Processes text box, type the programs you want to exclude from the isolation process (for example, spotify.exe).
    These programs can communicate normally with other computers in the organization or external computers. If you excluded programs in a previous isolation operation, they display in the text box. You can edit the values in the text box.
  8. (Windows computers only) In the Show the Following Custom Message when Isolating Computers text box, type a descriptive message to inform users that their computer has been isolated from the network.
  9. If you do not want to show the custom message to the client, enable the I Prefer Not to Show Any Messages this Time toggle.
  10. Click Isolate.
    An orange icon appears next to the computer until it is isolated. A red icon appears when the computer is isolated.

To stop isolation, on the Computers page:

  1. Next to the computer or group of computers you want to stop isolation for, click .
  2. Select Stop Isolating Computers.
    An orange icon appears next to the computer until it is no longer isolated. The computer can communicate with other computers based on settings configured in other modules, products, or the operating system.

Related Topics

Isolated Computers – Allowed Processes (Windows and Mac Computers)

Computer Details

Scan Computers and Devices

Restart a Computer (Windows Computers)