Renamed SEPM group's EAR exception policy is lost when the group is renamed
Article ID: 192407
Endpoint Detection and Response
When setting Endpoint Activity Recorder Exception settings in Endpoint Detection and Response, the settings will be lost if they are saved with the SEPM group name that has since been renamed.
When the SEDR software does not have the most up-to-date list of SEPM groups, it is possible to save settings within a small window which will not get saved, but instead deleted.
Before making changes to the EAR settings, consider editing the Group Inclusion list first and refreshing the list of SEPM groups. The list can become out of date if your SEPM admins have made recent changes that have not replicated, or changes were made to in Active Directory to AD-connected SEPM groups.