What type of traffic is allowed when an endpoint is in self isolation mode?

When an endpoint is in self-isolation mode, only a limited set of traffic is allowed to ensure that the device can still function to a necessary extent without compromising security. In this mode, the primary purpose is to prevent further spread of potential threats while still allowing the device to access essential services.

DNS (Domain Name System) traffic is allowed in this mode because it is crucial for the endpoint to resolve domain names into IP addresses. This resolution is necessary for users to navigate to websites or access services by name rather than by numeric address. Allowing DNS traffic enables the endpoint to perform essential tasks, such as accessing updates or security definitions, which is important even while in isolation.

By permitting DNS traffic, the system can maintain a certain level of communication with necessary external resources without exposing the network to additional risks. This strategic allowance helps to balance security with functionality during a critical time.