Unlock "Isolate from network" computer

Jan-Eric

I tested the "Isolate from network" in portal on one of our EPP/EDR windows device. It isolated all right but now it's stuck without access to network.

I have tried "Release from network isolation" but all I get is "Waiting for delivery to the device" for 7 hours. Is there any manual way to release this host?

Jan-Eric

Running Windows in failsafe mode with network did the trick!

JamesC

Dear @Jan-Eric

Thank you for contacting WithSecure Community and sorry to hear that you were not able to release device from isolation.

Is the affected host a cloned/golden image host ?

Kindly check if device shares the same Agent/Device UUID as other devices, as it could be competing or conflicting for release operation instruction.

Another scenario is that your network setup causes the host to change IP addresses.

Issuing a remote operation like Release Network Isolation would never delete/remove/hide devices from portal.

If the isolated host still has a VPN connection that is turned on, it is possible that the command to release the host from isolation will not go through until the VPN connection is turned off. 
If the VPN is still on and attempting to reconnect, it might disrupt the connection to our backend, so you should turn it off and then attempt to send a new status update to the host. 

Also check if there is any Firewall blocking the connectivity to our backend, which you can refer to here or run the Connectivity Tool.

Lastly, if response/FAMP cannot get online on that host, there is a possibility is that the network driver failed to whitelist some network change.

As a workaround, we recommend to reboot the endpoint.

Jan-Eric

There are no shared UUIDs and the host is not cloned, eg a normal laptop.

The host was out of office connected by SSL VPN when network isolation was tested. But now there's a catch 22 scenario where I can't get VPN connected as the server is blocked and I can't disable or uninstall WithSecure as profile prohibit.