Use Computer-based active responses in SEM

To perform Windows-based actions related to computers and computer services on your SEM Agents, use the following Computer-based active responses. These actions are useful for responding to insider abuse, computer infections, and other suspicious activity. They can be automated in a SEM rule or executed manually from the Respond menu in the SEM console.

  • Disable Windows Machine Account
  • Enable Windows Machine Account
  • Disable Networking
  • Detach USB Device
  • Restart Machine
  • Restart Windows Service
  • Send Popup Message
  • Shutdown Machine
  • Start Windows Service
  • Stop Windows Service

Requirements

Configure the Windows Active Response connector on each SEM Agent on which you want to be able to use these active responses.

Deploy your SEM Agents and configure the Windows Active Response connector based on where you want to perform these actions. To perform actions at the domain level, deploy a SEM Agent to at least one domain controller. To perform actions at the local level, deploy a SEM Agent to each computer on which you want to be able to run these responses.