Configure the Kill Process active response in SEM

Use the Kill Process active response to end Windows-based processes in your SEM Agents. This response helps to stop suspicious or unauthorized processes. You can automate the response using a SEM rule or manually execute the response from the Respond menu on the SEM Console.

Configure the Windows active response connector on each SEM agent that requires active responses.

You can deploy your SEM agents and configure the Windows active response connector based on where you want to perform these actions. To perform actions at the domain level, deploy a SEM agent to at least one domain controller. To perform actions at the local level, deploy a SEM agent to each computer that requires a response.

1. On the SEM Console, navigate to Configure > Nodes.
2. Under Refine Results, expand the Type group, and then select the Agent check box.
3. Select an agent, and then click Manage node connectors.
4. In the search box, type Windows Active Response.
5. Select the Windows Active Response connector, and then click Add Connector.
6. Enter a custom alias name for the new connector, or accept the default, and then click Add.
7. Under Configured connectors, select your configured connector, and then click Start.