Isolate Client feature succeeds even when an Endpoint Protection client is in a location without a Host Integrity policy.

book

Article ID: 170096

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

The Symantec Advanced Threat Protection's (ATP) Isolate Client feature leverages the Symantec Endpoint Protection Manager (SEPM) Host Integrity (HI) policy to force a client to run and fail the compliance check, thus resulting in the client being moved to the Quarantine Location. ATP then verifies with SEPM if the client's group has the required HI policy and Quarantine Location configured. If the client group already contains more than one location in which no HI policy is configured, when selecting a client to be isolated from within ATP, the action will be successful even though the client is in that location without a HI policy configured.

Environment

Microsoft Windows

Resolution

This issue is fixed in Advanced Threat Protection 3.0.  For more information on updating ATP to the latest build, refer to KB HOWTO124857.