Hi all,I've been scratching my head for quite some time now looking for a way to bulk isolate machines in the endpoint protection module of Sophos Central.Our company policy is to isolate machines not seen on the system for 30+ days, which can be 250+ computers a time to isolate one by one!I've recently discovered the computer groups feature and noticed you can have set policies per group;Is there a particular way to set up so that a certain computer group cannot access the internet, so isolating by proxy?Any other workarounds welcome - thanks in advance
ok, you don't need to use Isolate for this. Edit the base web control policy that does the restrictions you want. This applies to all users who don't have another policy assigned - so would apply to the…
what do you mean by "not seen on the system"? Are you saying the devices haven't reported into Central in 30 days? Or that they are green in Central but they haven't connected to your local network?
Isolate isn't really meant as a web control feature. It's to prevent lateral movement inside and environment. So, if these are active systems that aren't in your network and you want to prevent web access - you could use the Web Control and block all categories and uncategorized connections.
I am a little confused about your use case. Can you clarify please.
Program Manager, Support Readiness | CISSP | Sophos Technical SupportSupport Videos | Product Documentation | @SophosSupport | Sign up for SMS AlertsIf a post solves your question use the 'Verify Answer' link.
Thank you for your response RichardP.To clarify, I mean the computer hasn't been active on our company network / hasn't been signed into on our domain in a while.We use Active Directory to disable AD accounts after a certain period but the thinking with isolating computers through Sophos Central was if someone was to log into one of our computers with a local account, the web restrictions would still apply through Sophos where our group policies wouldn't be in effect.Hope that clarifies better.Zeke
ok, you don't need to use Isolate for this. Edit the base web control policy that does the restrictions you want. This applies to all users who don't have another policy assigned - so would apply to the local user. Then you could have a less restrictive policy for normal users and assign that in bulk in Central.
I hope this helps.
Thank you, that makes perfect sense.Zeke