Computer groups: deny internet access / "isolate"

Hi all,

I've been scratching my head for quite some time now looking for a way to bulk isolate machines in the endpoint protection module of Sophos Central.
Our company policy is to isolate machines not seen on the system for 30+ days, which can be 250+ computers at a time to isolate one by one!

I've recently discovered the computer groups feature and noticed you can have set policies per group;
Is there a particular way to set up so that a certain computer group cannot access the internet, so isolating by proxy?

Any other workarounds welcome - thanks in advance

  • What do you mean by "not seen on the system"? Are you saying the devices haven't reported into Central in 30 days? Or that they are green in Central but they haven't connected to your local network?

    Isolate isn't really meant as a web control feature. It's to prevent lateral movement inside an environment. So, if these are active systems that aren't in your network and you want to prevent web access - you could use the Web Control and block all categories and uncategorized connections.

    I am a little confused about your use case. Can you clarify, please?

    RichardP

    Program Manager, Support Readiness | CISSP | Sophos Technical Support

  • Thank you for your response RichardP.

    To clarify, I mean the computer hasn't been active on our company network / hasn't been signed into on our domain in a while.

    We use Active Directory to disable AD accounts after a certain period but the thinking with isolating computers through Sophos Central was if someone was to log into one of our computers with a local account, the web restrictions would still apply through Sophos where our group policies wouldn't be in effect.

    Hope that clarifies better.

    Zeke

