Getting started with Application Isolation
Application Isolation provides the following protection:
- Shields well-known, trusted applications from exploits. Individual isolation policies protect a set of supported well-known trusted applications and browsers. Make sure to check the supported list. Use Memory Exploit Mitigation policies to protect other applications that do not have an out-of-the-box isolation policy.
- Dynamically isolates untrusted applications. A Platform Isolation policy defines isolation levels for categories of suspicious, untrusted applications.
Use the following guidelines to set up Application Isolation:
- Check the requirements. Your devices must have Application Hardening installed with the Symantec Agent (Symantec Endpoint Protection client) installation package. Application Isolation is supported on Windows devices only. The following are supported operating systems:
  - Windows 7 (64-bit only)
  - Windows 8 (64-bit only)
  - Windows 10 (64-bit only)
- Choose the device groups that should use Application Isolation. Choose a group that does not exceed the number of devices allowed by your Application Isolation entitlement.
- Verify application discovery. In the cloud console, on the Discovered Items page, select the Applications tab. The KPI bar on the Applications list shows the count of vulnerable applications and common infection vectors. For more information, see:
- Learn how Intensive Protection blocking and monitoring levels affect isolation of suspicious files. You might want to apply an Intensive Protection policy to your devices if you do not already use one. See:
- Choose your isolation strategy. You can use monitoring mode to see how your policies perform before you enforce them. See:
  Protection strategy
  - Strategy: Monitoring only
    Description: Apply a Platform Isolation policy in monitoring mode. Apply application and browser isolation policies (Chrome, Firefox, Internet Explorer, Microsoft Office, Adobe) in monitoring mode.
  - Strategy: Protect well-known applications; monitor suspicious applications.
    Description: Apply a Platform Isolation policy in monitoring mode. Apply application and browser isolation policies (Chrome, Firefox, Internet Explorer, Microsoft Office, Adobe) in enforce mode.
  - Strategy: Protect well-known applications; isolate suspicious applications.
    Description: Apply a Platform Isolation policy in enforce mode. Apply application and browser isolation policies (Chrome, Firefox, Internet Explorer, Microsoft Office, Adobe) in enforce mode.
- Configure the isolation policies and apply to your targeted device group. From the home page, you can run the Product Configuration wizard to apply policies automatically to your device groups. Or you can manually configure policies. See:
  Isolation policies are sent directly to devices. Symantec Endpoint Protection Manager does not manage these policies or show them in its management console.
- Check that violations are generated. You can see if isolation violations are generated as a result of your policies. Go to the following:
  - Discovered Items > Applications KPI bar
  - Alerts and Events > Events
  If you do not see events, make sure that your devices have installed Application Hardening. See:
- Check for false positives, user overrides, or exception requests. To see false positives, check the Discovered Items page. To see user overrides or exception requests, check the KPI bar on the Events page. You can filter the Events list.
- Create exceptions or exclusions if necessary. You can create an allow list or a deny list exception with an Allow List or Deny List exceptions policy. These exceptions prevent Symantec Endpoint Security from detecting an application or file or enable Symantec Endpoint Security to always block the file. See:
  You can also create isolation policy exclusions to control how isolation policies protect or secure your applications. For example, you might want to create an exclusion so a browser can download a specific file or download files to a temporary folder location. You can create the exclusion directly in the policy or from the event details pages with the Add Exclusion action. See:
For more details and information about these steps, see: