ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

ATP 3.x cannot select any groups to add group exception on Endpoint Data Recorder Exceptions Dialog.

book

Article ID: 172317

calendar_today

Updated On:

Products

Advanced Threat Protection Platform

Issue/Introduction

In ATP 3.0 - 3.1, Only the last SEPM controller can add SEPM groups to Endpoint Data Recorder Exception when multiple SEPM controllers are connecting to replicating SEPM sites.

Cause

SEPM groups from replicating SEPM sites are associated to the last SEPM controller. 

Each hour SEPM controllers fetch SEPM groups following controller configuration order, since SEPM sites are replicating each other hence their groups are same, groups fetched by previous controller are overwritten by next controller, finally SEPM groups are associated to the last controller and only be available on the last controller.

Resolution

This issue is resolved by editing the most recently added SEPM's Endpoint Data Recorder Exceptions and letting that setting replicate to the other SEPMs. ATP version 3.2 and later will allow you to edit any SEPM in a replication group to add Endpoint Data Recorder Exceptions.