search cancel

ATP 3.x cannot select any groups to add group exception on Endpoint Data Recorder Exceptions Dialog.


Article ID: 172317


Updated On:


Advanced Threat Protection Platform


In ATP 3.0 - 3.1, Only the last SEPM controller can add SEPM groups to Endpoint Data Recorder Exception when multiple SEPM controllers are connecting to replicating SEPM sites.


SEPM groups from replicating SEPM sites are associated to the last SEPM controller. 

Each hour SEPM controllers fetch SEPM groups following controller configuration order, since SEPM sites are replicating each other hence their groups are same, groups fetched by previous controller are overwritten by next controller, finally SEPM groups are associated to the last controller and only be available on the last controller.


This issue is resolved by editing the most recently added SEPM's Endpoint Data Recorder Exceptions and letting that setting replicate to the other SEPMs. ATP version 3.2 and later will allow you to edit any SEPM in a replication group to add Endpoint Data Recorder Exceptions.