Getting started with Application Isolation

Application Isolation provides the following protection:
  • Shields well-known, trusted applications from exploits
    Individual isolation policies protect a set of supported well-known trusted applications and browsers. Make sure to check the supported list. Use Memory Exploit Mitigation policies to protect other applications that do not have an out-of-the-box isolation policy.
  • Dynamically isolates untrusted applications
    A Platform Isolation policy defines isolation levels for categories of suspicious, untrusted applications.
Use the following guidelines to set up Application Isolation:
  1. Check the requirements.
    Your devices must have Application Hardening installed with the Symantec Agent (Symantec Endpoint Protection client) installation package.
    Application Isolation is supported on Windows devices only. The following are supported operating systems:
    • Windows 7 (64-bit only)
    • Windows 8 (64-bit only)
    • Windows 10 (64-bit only)
  2. Choose the device groups that should use Application Isolation.
    Choose a group that does not exceed the number of devices allowed by your Application Isolation entitlement.
  3. Verify application discovery.
    In the cloud console, on the Discovered Items page, select the Applications tab.
    The KPI bar on the Applications list shows the count of vulnerable applications and common infection vectors.

    For more information, see:
  4. Learn how Intensive Protection blocking and monitoring levels affect isolation of suspicious files.
    You might want to apply an Intensive Protection policy to your devices if you do not already use one. See:
  5. Choose your isolation strategy.
    You can use monitoring mode to see how your policies perform before you enforce them. See:
    Protection strategy (each strategy is followed by its description):
    • Monitoring only
      Apply a Platform Isolation policy in monitoring mode.
      Apply application and browser isolation policies (Chrome, Firefox, Internet Explorer, Microsoft Office, Adobe) in monitoring mode.
    • Protect well-known applications; monitor suspicious applications.
      Apply a Platform Isolation policy in monitoring mode.
      Apply application and browser isolation policies (Chrome, Firefox, Internet Explorer, Microsoft Office, Adobe) in enforce mode.
    • Protect well-known applications; isolate suspicious applications.
      Apply a Platform Isolation policy in enforce mode.
      Apply application and browser isolation policies (Chrome, Firefox, Internet Explorer, Microsoft Office, Adobe) in enforce mode.
  6. Configure the isolation policies and apply them to your targeted device group.
    From the home page, you can run the Product Configuration wizard to apply policies automatically to your device groups. Or you can manually configure policies. See:
    Isolation policies are sent directly to devices. Symantec Endpoint Protection Manager does not manage these policies or show them in its management console.
  7. Check that violations are generated.
    You can see whether isolation violations are generated as a result of your policies. Go to the following:
    • Discovered Items > Applications KPI bar
    • Alerts and Events > Events
    If you do not see events, make sure that your devices have installed Application Hardening. See:
  8. Check for false positives, user overrides, or exception requests.
    To see false positives, check the Discovered Items page.
    To see user overrides or exception requests, check the KPI bar on the Events page. You can filter the Events list.
  9. Create exceptions or exclusions if necessary.
    You can create an allow list or a deny list exception with an Allow List or Deny List exceptions policy. These exceptions prevent Symantec Endpoint Security from detecting an application or file or enable Symantec Endpoint Security to always block the file. See:
    You can also create isolation policy exclusions to control how isolation policies protect or secure your applications. For example, you might want to create an exclusion so a browser can download a specific file or download files to a temporary folder location. You can create the exclusion directly in the policy or from the event details pages with the Add Exclusion action. See:
For more details and information about these steps, see: