You can isolate one or more endpoints from the rest of your network and the Internet through the Carbon Black EDR console.

When an endpoint is isolated, its connectivity is limited to the following (unless you have created network isolation exclusions as described in Create an Isolation Exclusion):

  • The Carbon Black EDR server can communicate with an isolated computer.

  • To allow the sensor to communicate with the Carbon Black EDR server, ARP, DNS, and DHCP services remain operational on the sensor’s host. (For Windows operating systems prior to Vista, ICMP (for example, ping) will remain operational.)

  • DNS and DHCP are allowed through on all platforms. This is required for proper communications to the Carbon Black EDR server. These protocols are allowed on UDP/53, UDP/67, and UDP/68.

  • ICMP is allowed on the following operating systems:

    • Windows (operating systems prior to Vista)
    • macOS
    • Linux

  • Apart from the DNS and DHCP ports listed above, UDP is blocked on all platforms.
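
To confirm that isolation is holding, the rules above can be checked against flow records captured for the isolated endpoint. The following is an added example, not Carbon Black code: the flow record fields, platform labels, CIDR-style exclusions, and sample addresses are all assumptions made for illustration. ARP is a layer 2 protocol and does not appear in IP flow records, so it is not modelled.

```python
from ipaddress import ip_address, ip_network

ALLOWED_UDP_PORTS = {53, 67, 68}  # DNS and DHCP ports listed on this page
ICMP_PLATFORMS = {"windows-pre-vista", "macos", "linux"}  # labels are assumed

def classify(flow, platform, edr_server, exclusions=()):
    """Return the reason a flow is expected under isolation, or None."""
    dst = ip_address(flow["dst"])
    if dst == ip_address(edr_server):
        return "edr-server"
    # Exclusions are modelled here as CIDR networks (an assumption).
    if any(dst in ip_network(net) for net in exclusions):
        return "isolation-exclusion"
    proto = flow["proto"].lower()
    if proto == "udp" and flow.get("dport") in ALLOWED_UDP_PORTS:
        return "dns-dhcp"
    if proto == "icmp" and platform in ICMP_PLATFORMS:
        return "icmp"
    return None

def audit(flows, platform, edr_server, exclusions=()):
    """Return the flows that contradict the isolation rules."""
    return [f for f in flows
            if classify(f, platform, edr_server, exclusions) is None]

# Constructed sample data (documentation address ranges), not real telemetry.
EDR_SERVER = "192.0.2.10"
SAMPLE_FLOWS = [
    {"proto": "tcp", "dst": "192.0.2.10", "dport": 443},
    {"proto": "udp", "dst": "192.0.2.53", "dport": 53},
    {"proto": "udp", "dst": "255.255.255.255", "dport": 67},
    {"proto": "icmp", "dst": "198.51.100.7"},
    {"proto": "udp", "dst": "198.51.100.7", "dport": 123},
    {"proto": "tcp", "dst": "203.0.113.20", "dport": 445},
]

if __name__ == "__main__":
    for flow in audit(SAMPLE_FLOWS, "linux", EDR_SERVER):
        print("unexpected while isolated:", flow)
```

Any flow returned by `audit` is either a gap in isolation or traffic that needs an isolation exclusion.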