The Symantec Advanced Threat Protection's (ATP) Isolate Client feature leverages the Symantec Endpoint Protection Manager (SEPM) Host Integrity (HI) policy to force a client to run and fail the compliance check, thus resulting in the client being moved to the Quarantine Location. ATP then verifies with SEPM if the client's group has the required HI policy and Quarantine Location configured. If the client group already contains more than one location in which no HI policy is configured, when selecting a client to be isolated from within ATP, the action will be successful even though the client is in that location without a HI policy configured.
This issue is fixed in Advanced Threat Protection 3.0. For more information on updating ATP to the latest build, refer to KB HOWTO124857.
Subscribing will provide email updates when this Article is updated. Login is required.