Endpoint Isolation fails with "Isolation failed: Error: Endpoint cannot be isolated. You must have a SEPM Host Integrity/Quarantine policy configured."
There can be a few reasons why this error occurs:
The SEP Client is in a Client Group that does not have the required Host Integrity/Quarantine Policy applied.
The SEP Client was recently moved to a Client Group that does not have the required Host Integrity/Quarantine Policy applied.
The SEP Client that the attempt to Isolate has been taken on, is a duplicate or orphaned Client Entry that no longer physically exists.
For issues 1 and 2 above, in Symantec Endpoint Protection Manager verify that the SEP Client's SEPM Group is correct and that the required Host Integrity/Quarantine Policy is applied. For duplicate or orphaned clients, verify whether the client details indicate that it may be a duplicate or orphaned client: Verify the "Last Check-in Time". A time sometime in the past may indicate that the client is no longer present Verify the MAC ADDRESS. Clients with the same Host Name and IP address but a different MAC ADDRESS is an indication that these are duplicate clients. Verify the SEPM Group. Clients with the same Host Name and IP address but a different SEPM Group is an indication that these are duplicate clients.
In the examples below, a duplicate client "WIN7-Client" exists. It has not been connected since 25 December last year and has in fact been removed from SEPM.
Subscribing will provide email updates when this Article is updated. Login is required.