Renamed SEPM group's EAR exception policy is lost when the group is renamed

book

Article ID: 192407

calendar_today

Updated On:

Products

Endpoint Detection and Response

Issue/Introduction

When setting Endpoint Activity Recorder Exception settings in Endpoint Detection and Response, the settings will be lost if they are saved with the SEPM group name that has since been renamed.

Cause

When the SEDR software does not have the most up-to-date list of SEPM groups, it is possible to save settings within a small window which will not get saved, but instead deleted.

Resolution

Before making changes to the EAR settings, consider editing the Group Inclusion list first and refreshing the list of SEPM groups. The list can become out of date if your SEPM admins have made recent changes that have not replicated, or changes were made to in Active Directory to AD-connected SEPM groups.

Attachments