What to do when host cannot rejoin network after it is isolated
Netwitness version 11.6 and higher
If an host has policy which isolation is enabled, by default the Endpoint Log Hybrid, Gateway, DNS server, and Relay Server (if applicable) IP addresses are whitelisted. If the host is on VPN or different network segment. It will not be able to be released from Isolation. Whitelisting the VPN gateway will have no effect.
The only resolution for this issue is to remove the Endpoint agent from host. Whitelist the VPN gateway IP. Install the agent.
Note: command below to use to manually remove the endpoint agent. (on the host, open a command prompt select "runas administrator") enter below command: