How to verify that Application Isolation is running on your devices

Use the following checklist to verify that Application Isolation is running on your devices:
For additional Application Isolation troubleshooting issues, see:
Step 1: Check device communication with the cloud console
Your Symantec Endpoint Protection clients appear on the Devices page in the cloud console.
If you use a proxy, make sure that the proxy is set up correctly. See:
After you apply or change a policy, the sync from the cloud console to your devices can take up to 10 minutes to complete.
Step 2: Make sure that the Application Hardening component is installed on clients
Application Isolation requires that an additional component be installed on your Symantec Endpoint Protection clients. The Application Hardening component must be included in the client installation package. Currently the component is installed by default.
After you install Application Hardening on the client, several Symantec Data Center Security services appear in the client's Windows Services.
Step 3: Verify that isolation policies are applied to devices
Isolation policies are not automatically applied to devices or device groups. Make sure that you apply isolation policies and any updates to the device groups that should receive them. Check the Devices or the Policies page in the cloud console.
Step 4: Check the Common Agent log
On the client, open the cafagent.log file under <installation path>\SAEP\Common Agent Framework\log. Make sure that the following messages appear in the log:
CAF Agent is successfully enrolled with Server
"Command Name":"APPLY_LICENSE"} status: completed
"Command Name":"IPS_ENFORCE_POLICY"},"status": "completed"
Step 5: Check the Windows registry
On the client, view the registry value for \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SISIPSDriver\Parameter\UseBuiltin. The value should be 0.
Step 6: Check the client Event Viewer
In the agent user interface, select View Logs > Application Hardening View Logs. In the Event Viewer, select Help > About Event Viewer. The Current Policy field should show framework, r2. If the value is BYPASS, the client domain is not enrolled in the cloud console.
Step 7: Check history_ips.xml
On the client, open history_ips.xml under <installation path>\SAEP\IPS\driver\history. Policy Accepted should appear in the file. Otherwise an error appears.
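
The file and registry checks in steps 4, 5 and 7 can be scripted on a client. The following PowerShell is an added example, not Symantec's own tooling; the -InstallPath parameter and the result layout are assumptions, while the paths, registry value and message strings come from the steps above.

```powershell
# Added example: runs the checks from steps 4, 5 and 7 on one client.
param(
    # Assumption: pass the client's real <installation path> here.
    [Parameter(Mandatory)][string]$InstallPath
)

$results = [System.Collections.Generic.List[object]]::new()
function Add-Result([string]$Step, [bool]$Ok, [string]$Detail) {
    $results.Add([pscustomobject]@{ Step = $Step; Pass = $Ok; Detail = $Detail })
}

# Step 4: the three messages must appear in cafagent.log.
# The regexes tolerate the differing separators around "status" shown in the step.
$cafLog = Join-Path $InstallPath 'SAEP\Common Agent Framework\log\cafagent.log'
$expected = [ordered]@{
    'enrolled with server'         = 'CAF Agent is successfully enrolled with Server'
    'APPLY_LICENSE completed'      = '"Command Name":"APPLY_LICENSE"\}.*status.*completed'
    'IPS_ENFORCE_POLICY completed' = '"Command Name":"IPS_ENFORCE_POLICY"\}.*status.*completed'
}
foreach ($name in $expected.Keys) {
    if (Test-Path -LiteralPath $cafLog) {
        $hit = Select-String -LiteralPath $cafLog -Pattern $expected[$name] | Select-Object -Last 1
        Add-Result "4: $name" ([bool]$hit) $(if ($hit) { "line $($hit.LineNumber)" } else { 'message not found' })
    } else {
        Add-Result "4: $name" $false "missing $cafLog"
    }
}

# Step 5: UseBuiltin under the SISIPSDriver Parameter key should be 0.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\services\SISIPSDriver\Parameter'
$prop = Get-ItemProperty -LiteralPath $key -Name UseBuiltin -ErrorAction SilentlyContinue
if ($null -eq $prop) { Add-Result '5: UseBuiltin' $false 'key or value missing' }
else { Add-Result '5: UseBuiltin' ($prop.UseBuiltin -eq 0) "value = $($prop.UseBuiltin)" }

# Step 7: history_ips.xml should contain "Policy Accepted".
$history = Join-Path $InstallPath 'SAEP\IPS\driver\history\history_ips.xml'
if (Test-Path -LiteralPath $history) {
    $ok = [bool](Select-String -LiteralPath $history -Pattern 'Policy Accepted' -SimpleMatch -Quiet)
    Add-Result '7: history_ips.xml' $ok $(if ($ok) { 'Policy Accepted found' } else { 'Policy Accepted not found; check the file for an error' })
} else {
    Add-Result '7: history_ips.xml' $false "missing $history"
}

$results | Format-Table -AutoSize -Wrap
if ($results.Pass -contains $false) { exit 1 }   # non-zero exit when any check fails
```

The script only tests whether each message is present somewhere in the file, so an old entry can satisfy a check; confirm the reported line is recent when the result matters.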