Configure Live Response

Live Response lets you connect to devices to investigate and remediate possible security issues.

Restriction To change Live Response settings, you must be a Super Admin or have a custom role that includes Manage Live Response settings for computers or Manage Live Response settings for servers. See Give admins access to Live Response.

Turn on Live Response and specify which devices it can connect to, as described below.

You need to turn on Live Response for computers and servers separately.

  1. Turn on Live Response for computers as follows:
    1. Go to Global Settings > Endpoint Protection > Live Response.
    2. Turn on Allow Live Response connections to computers.

      By default, Live Response can connect to all computers.

    3. If you want to prevent Live Response from connecting to specific computers, look under Exclusions, select the computers in Available, and move them to Excluded.
    4. Click Save.
  2. Turn on Live Response for servers as follows:
    1. Go to Global Settings > Server Protection > Live Response.
    2. Turn on Allow Live Response connections to computers.

      By default, Live Response can connect to all servers.

    3. If you want to prevent Live Response from connecting to specific servers, look under Exclusions, select servers in Available, and move them to Excluded.
    4. Click Save.

To start using Live Response, go to Devices, click a device to open its details page, and click Live Response. For details, see Start Live Response.