Configure the Kill Process active response in SEM

Use the Kill Process active response to end Windows-based processes in your SEM agents. This response can help you stop suspicious or unauthorized processes running in your network. You can automate the response using a SEM rule or manually execute the response from the Respond menu on the SEM Console.

Configure the Windows active response connector on each SEM agent that requires active responses.

You can deploy your SEM agents and configure the Windows active response connector based on where you want to perform these actions. To perform actions at the domain level, deploy a SEM agent to at least one domain controller. To perform actions at the local level, deploy a SEM agent to each computer that requires a response.

1. Log in to the SEM Console.

2. On the toolbar, click Configure > Nodes.

   

3. In the Refine Results column, expand Type and select the Agent check box.

   

4. Select an agent, and then click Manage node connectors.

   

5. In the search box, type Windows Active Response and then click the magnifying glass icon.

   

6. Under Available connectors, select the Windows Active Response connector.

   

7. Click Add Connector.

   

8. Enter a custom alias name for the new connector, or accept the default.

   

9. Click Add.

   

10. Under Configured connectors, select your configured connector.

    

11. Click Start.

    

    The green indicator next to the connector name displays, indicating that the connector is started and running.