Device remains isolated despite being 'released' from isolation

Senior Member

We have a device running Defender for Endpoint that is behaving as if it is isolated (it only connects to DNS and specific Microsoft services over 443). All other connections we can see are being blocked, according to the Windows Firewall log, despite it being set to allow all connections on all profiles.

We have been told by IT that the device has been released - a couple days ago - but it is still behaving the same way. Is there a client-side mechanism available to reset the Defender configuration?

Initially we were unaware of the isolation & thought the issue was a general network adapter problem, so we have tried the usual things such as resetting the TCP/IP stack via netsh, resetting Winsock, disabling or 'allowing all' in the firewall and network driver updates.

We know the hardware is OK as we have used a Linux live CD to test it.

I hope this is the correct 'Defender' forum for this post.

0 Replies