
SentinelOne

Author Marathon HeatlhCare
Max9043
Nov 9, 2022 at 14:09 UTC | SentinelOne

Why is space invaders embedded in my SentinelOne portal?

We're demoing the product and stumbled across a fully functioning space invaders game within the SentinelOne portal. I love space invaders but I don't believe it has a place in my security software. Seriously disappointed as we spent a lot of time and effort narrowing our choices. 

Space_invaders.JPG (35.4 KB)
  • Author Brian Fulmer
    Brianinca Nov 9, 2022 at 15:35 UTC

    Seriously? Take a breath. You'll be really upset if you look at Excel.

    Source: long-time Excel user and very satisfied SentinelOne user.

  • Author Guy M
    OscarOneEye Nov 9, 2022 at 19:46 UTC

    Kind of apropos, in that you are defending against invaders.

    Imagine the message if it were rampage where you try to destroy everything!

Author Jim Richardson
ITEfficiency
May 10, 2022 at 14:39 UTC | SentinelOne

Dell OpenManage iDRAC Service Module

We are having some difficulty getting Dell OpenManage iDRAC Service Module to run without encountering New Suspicious threat detected status per SentinelOne. We have tried adding exclusions via SentinelOne but we apparently have not hit on the proper way to construct these. Any tips or suggestions?

Author R Raab
R Raab
Apr 20, 2022 at 15:43 UTC | SentinelOne

SentinelOne Firewall Rules guidance

We are a small MSP who currently use S1 through a reseller.  We haven't been using the Network Control\Firewall feature but are interested in implementing it as an alternative to Windows Defender Firewall.  Obviously the firewall starts as completely empty with no policies.  

We understand how to create rules, tags, order rules, etc.  But we were hoping to get guidance on what actual rules we should or shouldn't create - things like 'on Windows systems, you need these allow rules if you want windows updates to continue working' or ideally a basic template that will allow critical network reliant OS functions to work, that we can then build upon.  We did ask our reseller for support on this and all they could do is link us to the knowledge base on how to create rules, which we've already read and doesn't answer the actual question.  

I realize that the majority of the rule creation is dependent on what we are going to be using it for.  For example, if we have customers running a machine shop, we'll need to add rules so they run their CATIA license server on a protected system, and so on.  We're not looking for hand holding over that.  Just some basic guidance, because right now our guy piloting this is considering just duplicating the pre-defined rules in Windows Firewall with a block all rule at the end.

Author Y C
Y6983
Apr 12, 2022 at 13:36 UTC | SentinelOne

powershell 7 script sentinelone

Hi,

I am looking for a script to extract the machines where SentinelOne is installed to a CSV file.

When I run my command get-S1agent to a file, I get a result with a lot of parameters in line;

the result is not in the form of a table.

If someone has already made this kind of script,

thank you for your help.

My script:

Import-Module SentinelOne
Add-S1APIToken -APIToken "My_api_token" -APITokenName MyKey1 -Endpoint https://mysconsole.sentinelone.net
Get-S1Agent -APITokenName MyKey1 -ResultSize All >c:\scripts\SentinelOne\S1.csv

Author Juan Raba
spicehead-ox9vl
Mar 25, 2022 at 08:10 UTC | SentinelOne

Kidnapped without key of SentinelOne. I need to uninstall!

Hi, I have a new client with 4 servers and 12 PCs with SentinelOne installed, but the old IT manager did not give us the passwords.

I already tried to ask SentinelOne by mail with no response. What could I do? Thanks.

P.S.: I know old versions could be uninstalled with SentinelOne Cleaner / Sweeper, but mine is new, from 2022.

Thanks

Author A-A-ron5x5
A-A-ron5x5
Jan 18, 2022 at 15:29 UTC | SentinelOne

SentinelOne using 60% CPU on Mac

I work for an MSP, and we recently took on an all Mac shop.  We have deployed Sentinel One successfully to all of the Macs.  We have one Mac that the user reports 60% CPU usage  by the sentineld process after the install.  Uninstalled and re-installed with no change after the reinstall.  Perceived speed of the computer went up after uninstall.

MacOS: Monterey

SentinelOne:  21.7.4

  • Author Thomas Peters
    TommyPDoesIT Feb 7, 2022 at 21:07 UTC

    In my experience, when you install S1 on an endpoint it begins a full system scan on said endpoint. I wonder if this scan is the culprit in CPU usage.

    I would start with checking the status of the system scan in the console.

Author Michael Mills
ShieldEdge
Nov 18, 2021 at 14:59 UTC | SentinelOne

Creating Reports for Clients

I can easily create reports for myself and it shows up under the reports tab.
I have even figured out the kludgy way that S1 treats scheduled reports (with a drop-down on the side of a page - weird).
What I have yet to figure out is if I am doing it right.
There are no directions.
I want these reports to be specific to each client, but switching to the client's context and creating the report may or may not be the right answer.
Creating the report using the "by group" selection and putting in the Site name may be the right answer.

Who knows??!!  Seriously... does anyone know???  S1 has seemingly no documentation on the creation of reports... only a listing of what menu options are available.... that's not useless... but it's next to it.

Any guidance would be a plus.

Thanks.

  • Author Leonard Altamura
    spicehead-5mm6p Aug 2, 2022 at 11:56 UTC

    Create your clients not by Group but by the site.  Then create policies for separate groups within their sites.  When you create a report, you want to create a top-down approach.  Therefore you do the executive one first.  The executive report is an overview and what the Chiefs of the company are usually interested in reviewing.  Executive insight is the current Security status.  That report is generally for the CISO, but if he/she has a lot of system experience, he/she may ask for more reports.  The insights are for the security group.  The app reports are for patch management.  It's not that there is no manual to operate reports.  It is that S1 is geared towards a larger org chart.  Usually, smaller companies that are around 200 nodes or less don't have the breakout of departments.  Sometimes you have a one-man show or five-man team in the IT department.  That means all the insight reports are given to the 5 man team or the security team, if that makes any sense.  The app report will tell you which applications need updating (Vulnerabilities/ Patch Management); App reports are usually given to the Administrators with instructions on what to patch by the security team.   Vigilance is the report you provide if you have a breach and need an incident response.  The IRT (Incident Response Team) will usually request the latest logs of said breached machines and the Vigilance report.  If the breach is significant, they will ask for either an image of the infected drives or the physical drives, depending.  I hope this answers your question.  If you meant something different, don't hesitate to ask away.

Author Steve Tucker
ABPSteve
Oct 8, 2021 at 13:56 UTC | SentinelOne

Deploying SentinelOne on DCs caused DNS and DHCP issues

I deployed SentinelOne on two DCs and it broke the DNS resolution. None of the endpoints could resolve outside the network. Once I removed the agent from the DCs, everything was able to resolve.

I have deployed SentinelOne on many DCs in many organizations and this is the first time I encountered this issue. Any ideas? 

Thanks,

Steve

  • Author Brian Fulmer
    Brianinca Oct 8, 2021 at 14:59 UTC

    Did you open a ticket? I've not had that issue; I run separate DHCP servers managed with IPAM, but S1 is on all of them. You used the DC profile for them, correct?

Author Justin Smith
justin287
Jun 21, 2021 at 15:31 UTC | SentinelOne

S1 Deployment via GPO

I've been digging through resources all morning but can't seem to really find the answer.

Can the SentinelOne msi, downloaded straight from the packages menu, be deployed via Group Policy without any modifications?

I see lots of information about how to deploy the msi via command line and etc. but nothing explicitly calling out Group Policy deployments.

Author Jim Richardson
ITEfficiency
Apr 28, 2021 at 14:22 UTC | SentinelOne

SentinelOne - Mac

I mostly deal with Windows PCs but sometimes with Mac computers too.
Is SentinelOne well suited for use on Macs?
Is there an estimate concerning compatibility with macOS 11.3?
Are there any Mac focused best practices in your documentation?
Thanks!
  • Author John DeMillion
    JohnD455 May 4, 2021 at 11:31 UTC

    Yes, SentinelOne is well-suited for Macs, in fact in our experience, SentinelOne is the only vendor in this space that keeps their macOS development on par with the Windows side.  While we're well-versed with both Windows and macOS, our environment is heavily Mac-based (~ 95% of ~ 3,000 endpoints) and we've been through quite a few traditional and next-gen anti-malware vendors over the years, with issues of varying severity and intractability popping up over time.  Even vendors that start out well will sometimes fall on their faces when Apple debuts a significant OS update, which causes a ton of disruption and customer-service issues, along with significant cost and wasted hours for my team.

    And while the vast majority of the historical malware risk is on the Windows endpoints, we do need to have full protection with no compromises and easy deployability on the Macs, for that long-promised day when the Macs will get all that malware that's been running rampant on the Windows side for the last three decades. ;-)
    Many of the next-gen vendors seem to expect us to either have a dedicated team of anti-malware staff monitoring their solution, or be willing to spend an enormous amount of money to outsource that job to their humans.  We wanted a next-gen solution that used its AI capabilities not only for detection and mitigation, but also to seamlessly deal with the majority of typical malware issues on its own, combining the functionality of traditional anti-malware with advanced next-gen capabilities.
    So we finally tried SentinelOne in the next-gen space because of a combination of functionality, usability, cost, and their demonstrated ability to keep up with OS changes on both the Windows and macOS platforms.  It's a top performer on the Windows side where most of the risk is (and passed all of our tests with flying colors), but they're also well-known for compatibility and reliability in the macOS administration community.  Despite their demonstrated track record, I have to admit we still held our breath a bit over the last year, waiting to see if the weird stuff and "gotcha" stuff that happened with our previous vendors would crop up....but it's been nothing but nice and quiet, with everything working pretty much perfectly.
    You mentioned 11.3 compatibility:  that's a great example of where SentinelOne demonstrated its proactivity on the Mac side.  They're well ahead of the curve with macOS updates (they start testing as soon as Apple releases updates to developers), they gave us the heads-up well ahead of time, and released the update to our tenant with 11.3 compatibility on April 27, just a day after 11.3's public release.  The new version is dated the 21st, so I'm betting we could have gotten it earlier had we pushed.  In our experience with other vendors in this space, there would have been no warning and we'd often be the first ones to report the problem to them after we encountered it in production!  We understand that the macOS is a smaller space, but we don't want to be our vendors' canary in the macOS coal mine, or their alpha- or even early beta-testers....we're glad to help out with testing as part of a formal program, but we don't want to be the ones telling them of a giant compatibility issue that they've never heard of before, especially when they should have been testing for weeks or months, seeing and fixing any issues themselves before it gets anywhere near us.  We literally never encounter that kind of seemingly widespread issue with SentinelOne:  they're always on top of stuff on both platforms, but most importantly for us, on the macOS platform.
    Edited May 4, 2021 at 11:53 UTC
  • Author Jim Richardson
    ITEfficiency May 4, 2021 at 12:11 UTC

    John,

    Thank you very much for the detailed and well written feedback. This is very helpful! It’s encouraging to hear of a vendor that takes their responsibility to their customers so seriously.

    Edited Oct 20, 2021 at 16:06 UTC
Author Peter Clowes
PeteIT
Apr 15, 2021 at 06:51 UTC | SentinelOne

SentinelOne Blocking Chrome updates

Numerous Chrome browsers won't update either manually or via patch management.  When trying to manually update I see "Your browser is managed by your organization".  The only extension I can't manipulate is SentinelOne.  How do I disable this extension or work around it blocking Chrome from updating?  I don't see any option on the SentinelOne console either.

  • Author John DeMillion
    JohnD455 May 5, 2021 at 01:34 UTC

    I wouldn't think the SentinelOne extension would have anything to do with whether the browser can update or not.  What do these browsers say under chrome://policy ?

Author Frost Wolf
FrostWolf
Jan 19, 2021 at 16:38 UTC | SentinelOne

How to reach SentinelOne sales?

I'm an IT person at an MSP who uses SentinelOne through a reseller. We have roughly 800 SentinelOne endpoints.

We have been finding that support through our reseller has become problematic, because they end up being a middleman, and I don't get access to actual SentinelOne resources.  I asked my boss why we weren't going direct; he mentioned that he attempted to contact SentinelOne, but received no response. He told me I was free to contact SentinelOne to try and switch to a more direct model.

I have sent an e-mail through your "Contact Us" form.  I have called your number and gone to Sales, and only gotten voicemail (I have left a message).  What I haven't gotten is a response.  I would very much like to reach someone at your company to form a better relationship; is there someone I can reach and talk to?

Author first last
spicehead-7ojlb
Sep 4, 2019 at 13:10 UTC | SentinelOne

SentinelOne & false positive

Why doesn't the SentinelOne company have a standard way of reporting false positives?

It is a matter of fact that SentinelOne is prone to trigger false positives and your machine learning engine keeps flagging an application developed by my family member.


When I contacted your support they closed the ticket and wrote that the issues should be opened via a reseller.

When I contacted your resellers they informed me that they don’t handle such cases (they just sell the product) and suggested that I contact you instead.

I tried to report via various channels, via Facebook and Twitter but without success.


I don’t understand why you made it so difficult to report false positives. Every reputable antivirus vendor has a standard way of reporting false positives via email or web form.


After a lot of effort I was able to find someone from SentinelOne and the false positive is confirmed.

While it is good that the SentinelOne company confirms that the file is OK and should not be detected, the false positive is not fixed yet. I started to report the problem almost 4 months ago.

That’s very weird for a security company to have such a slow response time.

Other security vendors are able to react within a few hours but SentinelOne’s ~4 months (and counting!) is unbelievable.

Please fix the false positive without further excuses and obstructions.

Author user138956
user138956
Jun 6, 2019 at 19:48 UTC | SentinelOne

Deployment command line to install SentinelOne

We tried running this command but it fails. Am I missing a switch, or do I need to use PowerShell?

SentinelInstaller-windows-v2-6-1-5901-windows-v2-6-1-5901-windows-v2-6-1-5901_windows_v2_6_1_5901.exe /passive /quiet

Thanks

  • Author Joe Clark
    hdh_jclark Jan 12, 2020 at 01:29 UTC

    Anyone know the correct commands for Ubuntu and Red Hat? A deb and rpm?

  • Author Nate Berry
    NateFRC Apr 14, 2020 at 12:54 UTC

    This worked for Ubuntu 18.04.  Replace site_token with your own.  However, I've found that the domain is not set appropriately and not sure how to set it manually.

    sudo /opt/sentinelone/bin/sentinelctl management token set site_token
    
Author Curtis Schlegel
curtisschlegel2
Nov 1, 2018 at 15:45 UTC | SentinelOne

Automate Client agent updates?

Is it possible to automate the updates of client agents or is it always a manual process?  We would like the newer agent to deploy to a small group of PCs when it is available and then to deploy to the rest a few days later.  Can this be scheduled?

SentinelOne in Spiceworks

  • Phillip (SentinelOne)
    Marketing Jack-Of-All-Trades
    Jan 16, 2018 at 18:28 UTC
  • Haley for SentinelOne
    Community Brand Rep
    Dec 29, 2017 at 17:22 UTC