search cancel

Advanced Threat Protection Endpoint Isolation Error

book

Article ID: 162820

calendar_today

Updated On:

Products

Advanced Threat Protection Platform

Issue/Introduction

Endpoint Isolation fails with "Isolation failed: Error: Endpoint cannot be isolated. You must have a SEPM Host Integrity/Quarantine policy configured."

Cause

There can be a few reasons why this error occurs:

  1. The SEP Client is in a Client Group that does not have the required Host Integrity/Quarantine Policy applied.
  2. The SEP Client was recently moved to a Client Group that does not have the required Host Integrity/Quarantine Policy applied.
  3. The SEP Client that the attempt to Isolate has been taken on, is a duplicate or orphaned Client Entry that no longer physically exists.

Resolution

For issues 1 and 2 above, in Symantec Endpoint Protection Manager verify that the SEP Client's SEPM Group is correct and that the required Host Integrity/Quarantine Policy is applied.
For duplicate or orphaned clients, verify whether the client details indicate that it may be a duplicate or orphaned client:
Verify the "Last Check-in Time". A time sometime in the past may indicate that the client is no longer present
Verify the MAC ADDRESS. Clients with the same Host Name and IP address but a different MAC ADDRESS is an indication that these are duplicate clients.
Verify the SEPM Group. Clients with the same Host Name and IP address but a different SEPM Group is an indication that these are duplicate clients.


In the examples below, a duplicate client "WIN7-Client" exists. It has not been connected since 25 December last year and has in fact been removed from SEPM.

Old Client:

Current Client:

 

 

Attachments