On-prem EDR issues with SEP host isolation

Article ID: 368924

Products

Complete Endpoint Defense (with SEP)

Issue/Introduction

After clicking Isolate in the EDR console, SEPM receives the command to put the host in Quarantine, and the System log on the SEP client shows the location switching from Default to Quarantine. However, the client still has Internet access, even though the Quarantine policy blocks everything except Symantec-related services.

Environment


VERSION INTRODUCED:
   SEP 14.3 RU8

Cause

ROOT CAUSE:
Quarantine may be requested by ICDM or by on-prem EDR. In 14.3 RU8 the client always re-applies the ICDM quarantine policy in order to update the white-list domains. This unexpectedly clears the quarantine status when the quarantine came from on-prem EDR.


SYMPTOMS:
The client first switches to the quarantine location and then quickly switches back to the default location.


TECHNICAL SOLUTION:
Only re-apply the quarantine policy if both bFWQuarantined and ptrFWQuarantineUIConfig->GetFWQuarantine() are false. CL #44365080 can then continue to re-apply the white-list domains from ICDM as expected, while on-prem EDR isolation keeps working as it did in 14.3 RU7.
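To make the failure mode and the guard concrete, here is a constructed model of the two quarantine sources (example code added here, not Symantec's implementation). Only the names bFWQuarantined and GetFWQuarantine() come from the article; the structs, the remaining members, the scenario functions and the sample allow-list domain are assumptions. The RU8 path re-applies the ICDM policy unconditionally, which resolves the location back to Default when ICDM itself is not quarantining and so undoes an isolation that came from on-prem EDR; the fixed path skips the re-apply whenever either source has quarantined the host.

```cpp
#include <iostream>
#include <string>

// Constructed model of the two quarantine sources described in this article.
// Illustration only: the names bFWQuarantined and GetFWQuarantine() come from
// the article; everything else here is an assumption.

struct FWQuarantineUIConfig {
    bool icdmQuarantine = false;          // quarantine requested by ICDM (cloud console)
    std::string whiteListDomains;         // allow-list domains pushed by the ICDM policy
    bool GetFWQuarantine() const { return icdmQuarantine; }
};

struct SepClient {
    bool bFWQuarantined = false;          // quarantine requested by on-prem EDR
    std::string location = "Default";     // firewall location currently in effect
    std::string whiteListDomains;         // allow-list currently applied on the client
    FWQuarantineUIConfig* ptrFWQuarantineUIConfig = nullptr;

    // Isolate command arriving from on-prem EDR via SEPM.
    void isolateFromEdr() { bFWQuarantined = true; location = "Quarantine"; }

    // Quarantine command arriving from ICDM.
    void quarantineFromIcdm() {
        ptrFWQuarantineUIConfig->icdmQuarantine = true;
        location = "Quarantine";
    }

    // 14.3 RU8 behaviour as the article describes it: the ICDM policy is
    // re-applied unconditionally to refresh the allow-list. When ICDM is not
    // quarantining, the re-apply resolves the location back to Default and
    // silently clears an isolation that came from on-prem EDR.
    void reapplyIcdmPolicy_RU8() {
        whiteListDomains = ptrFWQuarantineUIConfig->whiteListDomains;
        location = ptrFWQuarantineUIConfig->GetFWQuarantine() ? "Quarantine" : "Default";
    }

    // Fixed behaviour: re-apply only when neither source has quarantined the
    // host, so an active quarantine from either source is left untouched.
    void reapplyIcdmPolicy_Fixed() {
        if (!bFWQuarantined && !ptrFWQuarantineUIConfig->GetFWQuarantine()) {
            whiteListDomains = ptrFWQuarantineUIConfig->whiteListDomains;
            location = "Default";
        }
    }

    void reapply(bool useFix) {
        if (useFix) reapplyIcdmPolicy_Fixed(); else reapplyIcdmPolicy_RU8();
    }
};

// Scenario 1 (regression test "Isolate from EDR"): host isolated from on-prem
// EDR, then the periodic ICDM policy re-apply runs. Returns the final location.
std::string locationAfterEdrIsolate(bool useFix) {
    FWQuarantineUIConfig cfg;
    cfg.whiteListDomains = "updates.example.invalid";   // constructed sample value
    SepClient client;
    client.ptrFWQuarantineUIConfig = &cfg;
    client.isolateFromEdr();
    client.reapply(useFix);
    return client.location;
}

// Scenario 2 (regression test "Quarantine from ICDM"): host quarantined from
// ICDM, then the re-apply runs. Both code paths must keep the host quarantined.
std::string locationAfterIcdmQuarantine(bool useFix) {
    FWQuarantineUIConfig cfg;
    cfg.whiteListDomains = "updates.example.invalid";   // constructed sample value
    SepClient client;
    client.ptrFWQuarantineUIConfig = &cfg;
    client.quarantineFromIcdm();
    client.reapply(useFix);
    return client.location;
}

// Scenario 3: no quarantine from either source. The fix must not break the
// allow-list refresh that the unconditional re-apply was introduced for.
bool allowListRefreshedWhenNotQuarantined(bool useFix) {
    FWQuarantineUIConfig cfg;
    cfg.whiteListDomains = "updates.example.invalid";   // constructed sample value
    SepClient client;
    client.ptrFWQuarantineUIConfig = &cfg;
    client.reapply(useFix);
    return client.whiteListDomains == cfg.whiteListDomains && client.location == "Default";
}

int main() {
    std::cout << "RU8   location after EDR isolate: " << locationAfterEdrIsolate(false) << '\n';
    std::cout << "Fixed location after EDR isolate: " << locationAfterEdrIsolate(true) << '\n';
    return 0;
}
```

Scenario 1 reproduces the symptom (the RU8 path ends in Default, the fixed path stays in Quarantine); scenarios 2 and 3 mirror the two suggested regression tests and confirm that the guard neither breaks an ICDM-originated quarantine nor the allow-list refresh on a non-quarantined host.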

 

CUSTOMER-FRIENDLY SOLUTION:
The SEP client unexpectedly cleared the quarantine status when the quarantine came from on-prem EDR. An additional check was added to avoid clearing it.


SUGGESTED REGRESSION TESTING:
   1. Isolate from EDR.
   2. Quarantine from ICDM.


Resolution

The permanent fix is introduced in 14.3 RU9 (ETA Q1-Q2 2024). As a workaround, downgrade to 14.3 RU7 or any other version lower than RU8.