I think you need to be more clear in your request, but I will take a stab at it.
This is type of action is typically handled by your anti-malware product, or even a NAC, however I could see it being possible to set up a package deployment to set up a firewall rule that only allows the device in question to communicate with very specific endpoints. These endpoints would have to be identified by you, however they may include your Lansweeper server (for reversing the action), VPN IP (remote users?), and any appropriate servers needed for DNS or authentication such as Duo for example if you are using it for MFA.
A note of caution should be made if you create something that does this, as if you accidentally deploy it to more devices than intended, you will probably have a bad day. Also if you do not have it configured appropriately and deploy it to a remote device, you may find yourself struggling to get it back online.
