How to use Resource Monitor to see if a Capture Client Interoperability Exclusion is Being Applied

Description

This article describes how we can use Windows built-in tools to see if Capture Client exclusions of interoperability or higher are currently being applied.

Resolution

 

  1. Open Task Manager.
  2. Click the performance tab at the top.


  3. Click the CPU Tab on the resource monitor.
  4. Select the process or .exe for which the exclusion was created.

  5. Then click the Associated Module to see all that is injected into that process.


If InProcessClient64.dll (for 64-bit processes) or InProcessClient32.dll (for 32-bit processes) appears in the process stack, it indicates that the interoperability exclusion has not yet taken effect and Capture Client Threat Protection agent (SentinelOne) has injected itself into the process for monitoring.

Note: To ensure the exclusion is applied, restart the target process or reboot the endpoint, and then validate again using Resource Monitor. Once the exclusion is active, these agent DLLs should no longer be injected into the excluded process.

Related Articles

  • Integrating SonicWall Capture Client with SonicWall Firewalls
    Read More
  • How to purge crash dumps created by Capture Client Threat Protection Engine
    Read More
  • Capture Client – Migrate local CMC user login to MySonicWall account login
    Read More
not finding your answers?