We're demoing the product and stumbled across a fully functioning space invaders game within the SentinelOne portal. I love space invaders but I don't believe it has a place in my security software. Seriously disappointed as we spent a lot of time and effort narrowing our choices.
Nov 9, 2022 at 15:35 UTC
Seriously? Take a breath. You'll be really upset if you look at Excel.
Source: long-time Excel user and very satisfied SentinelOne user.
Nov 9, 2022 at 19:46 UTC
Kind of apropos, in that you are defending against invaders.
Imagine the message if it were rampage where you try to destroy everything!
We are having some difficulty getting Dell OpenManage iDRAC Service Module to run without encountering New Suspicious threat detected status per SentinelOne. We have tried adding exclusions via SentinelOne but we apparently have not hit on the proper way to construct these. Any tips or suggestions?
We are a small MSP who currently use S1 through a reseller. We haven't been using the Network Control\Firewall feature but are interested in implementing it as an alternative to Windows Defender Firewall. Obviously the firewall starts as completely empty with no policies.
We understand how to create rules, tags, order rules, etc. But we were hoping to get guidance on what actual rules we should or shouldn't create - things like 'on Windows systems, you need these allow rules if you want windows updates to continue working' or ideally a basic template that will allow critical network reliant OS functions to work, that we can then build upon. We did ask our reseller for support on this and all they could do is link us to the knowledge base on how to create rules, which we've already read and doesn't answer the actual question.
I realize that the majority of the rule creation is dependent on what we are going to be using it for. For example, if we have customers running a machine shop, we'll need to add rules so they run their CATIA license server on a protected system, and so on. We're not looking for hand holding over that. Just some basic guidance, because right now our guy piloting this is considering just duplicating the pre-defined rules in Windows Firewall with a block all rule at the end.
I am looking for a script to extract the machines where SentinelOne is installed to a CSV file.
When I run my Get-S1Agent command to a file, I get a result with a lot of parameters on one line;
the result is not in the form of a table.
If someone has already made this kind of script,
thank you for your help.
My script:
Add-S1APIToken -APIToken "My_api_token" -APITokenName MyKey1 -Endpoint https://mysconsole.sentinelone.net
Get-S1Agent -APITokenName MyKey1 -ResultSize All >c:\scripts\SentinelOne\S1.csv
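The flat-text result comes from `>`, which captures PowerShell's formatted display output rather than the objects; piping objects to `Export-Csv -NoTypeInformation` is the usual fix. As an added example (not the poster's script and not the S1 PowerShell module's code), the same inventory can be pulled straight from the SentinelOne Management API and written as CSV; the `/web/api/v2.1/agents` endpoint, the `ApiToken` authorization header, cursor paging via `pagination.nextCursor` and the agent field names are assumed from the public API, and the console URL and output path are placeholders.

```powershell
# Added example: pull the agent inventory from the SentinelOne Management API
# and flatten it to one row per agent in a CSV file.
# Assumed from the public API docs: endpoint /web/api/v2.1/agents, header
# "Authorization: ApiToken <token>", cursor paging via pagination.nextCursor,
# and the agent field names used below. Console URL and output path are placeholders.
param(
    [Parameter(Mandatory)] [string] $Console,    # e.g. https://mysconsole.sentinelone.net
    [Parameter(Mandatory)] [string] $ApiToken,   # use a read-only (Viewer) API token
    [string] $OutFile = 'C:\scripts\SentinelOne\S1.csv'
)

$headers = @{ Authorization = "ApiToken $ApiToken" }
$rows    = [System.Collections.Generic.List[object]]::new()
$cursor  = $null

do {
    $uri = "$($Console.TrimEnd('/'))/web/api/v2.1/agents?limit=200"
    if ($cursor) { $uri += "&cursor=$([uri]::EscapeDataString($cursor))" }

    $resp = Invoke-RestMethod -Uri $uri -Headers $headers -Method Get -ErrorAction Stop

    foreach ($a in $resp.data) {
        # Keep only scalar fields so Export-Csv writes one clean line per agent
        # instead of serialising nested objects as "System.Object[]".
        $rows.Add([pscustomobject]@{
            ComputerName = $a.computerName
            Site         = $a.siteName
            Group        = $a.groupName
            OS           = $a.osName
            AgentVersion = $a.agentVersion
            Active       = $a.isActive
            Infected     = $a.infected
            LastActive   = $a.lastActiveDate
            ExternalIp   = $a.externalIp
        })
    }
    $cursor = $resp.pagination.nextCursor   # $null once the last page is reached
} while ($cursor)

$rows | Sort-Object Site, ComputerName |
    Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8
Write-Host "Wrote $($rows.Count) agents to $OutFile"
```

Run it as `.\Export-S1Agents.ps1 -Console https://mysconsole.sentinelone.net -ApiToken <token>`; an API token scoped to a single site only returns that site's agents, which is the easy way to produce one CSV per client.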
Hi, I have a new client with 4 servers and 12 PCs with SentinelOne installed, but the old IT manager did not give us the passwords.
I already tried to ask SentinelOne by mail with no response. What could I do? Thanks.
PS: I know old versions could be uninstalled with the SentinelOne Cleaner / Sweeper, but mine is new, from 2022.
I work for an MSP, and we recently took on an all Mac shop. We have deployed Sentinel One successfully to all of the Macs. We have one Mac that the user reports 60% CPU usage by the sentineld process after the install. Uninstalled and re-installed with no change after the reinstall. Perceived speed of the computer went up after uninstall.
Feb 7, 2022 at 21:07 UTC
In my experience, when you install S1 on an endpoint it begins a full system scan on said endpoint. I wonder if this scan is the culprit in CPU usage.
I would start with checking the status of the system scan in the console.
I can easily create reports for myself and it shows up under the reports tab.
I have even figured out the kludgy way that S1 treats scheduled reports (with a drop-down on the side of a page - weird).
What I have yet to figure out is if I am doing it right.
There are no directions.
I want these reports to be specific to each client, but switching to the client's context and creating the report may or may not be the right answer.
Creating the report using the "by group" selection and putting in the Site name may be the right answer.
Who knows??!! Seriously... does anyone know??? S1 has seemingly no documentation on the creation of reports... only a listing of what menu options are available.... that's not useless... but it's next to it.
Any guidance would be a plus.
Aug 2, 2022 at 11:56 UTC
Create your clients not by Group but by the site. Then create policies for separate groups within their sites. When you create a report, you want to create a top-down approach. Therefore you do the executive one first. The executive report is an overview and what usually the Chiefs of the company are interested in reviewing. Executive insight is the current Security status. That report is generally for the CISO, but if he/she has a lot of system experience, he/she may ask for more reports. The insights are for the security group. The app reports are for patch management. It's not that there is no manual to operate reports. It is that S1 is geared towards a larger org chart. Usually, smaller companies that are around 200 nodes or less don't have the breakout of departments. Sometimes you have a one-man show or five-man team in the IT department. That means all the insight reports are given to the 5-man team or the security team, if that makes any sense. The app report will tell you which applications need updating (Vulnerabilities / Patch Management); App reports are usually given to the Administrators with instructions on what to patch by the security team. Vigilance is the report you provide if you have a breach and need an incident response. The IRT (Incident Response Team) will usually request the latest logs of said breached machines and the Vigilance report. If the breach is significant, they will ask for either an image of the infected drives or the physical drives, depending. I hope this answers your question. If you meant something different, don't hesitate to ask away.
I deployed SentinelOne on two DCs and it broke the DNS resolution. None of the endpoints could resolve outside the network. Once I removed the agent from the DCs, everything was able to resolve.
I have deployed SentinelOne on many DCs in many organizations and this is the first time I encountered this issue. Any ideas?
Oct 8, 2021 at 14:59 UTC
Did you open a ticket? I've not had that issue; I run separate DHCP servers managed with IPAM, but S1 is on all of them. You used the DC profile for them, correct?
I've been digging through resources all morning but can't seem to really find the answer.
Can the SentinelOne msi, downloaded straight from the packages menu, be deployed via Group Policy without any modifications?
I see lots of information about how to deploy the msi via command line and etc. but nothing explicitly calling out Group Policy deployments.
Mar 21, 2022 at 12:04 UTC
Ever get any traction on this issue? I have a call with an S1 vendor this morning to discuss a trial/pilot for my site. My plan is to GPO the .msi as well.
Jul 18, 2022 at 15:11 UTC
Found this: https://wiki.secure-iss.com/Public/General/Sentinel-One-Deployment
May 4, 2021 at 11:31 UTC
Yes, SentinelOne is well-suited for Macs, in fact in our experience, SentinelOne is the only vendor in this space that keeps their macOS development on par with the Windows side. While we're well-versed with both Windows and macOS, our environment is heavily Mac-based (~ 95% of ~ 3,000 endpoints) and we've been through quite a few traditional and next-gen anti-malware vendors over the years, with issues of varying severity and intractability popping up over time. Even vendors that start out well will sometimes fall on their faces when Apple debuts a significant OS update, which causes a ton of disruption and customer-service issues, along with significant cost and wasted hours for my team.
And while the vast majority of the historical malware risk is on the Windows endpoints, we do need to have full protection with no compromises and easy deployability on the Macs, for that long-promised day when the Macs will get all that malware that's been running rampant on the Windows side for the last three decades. ;-)
Edited May 4, 2021 at 11:53 UTC
Many of the next-gen vendors seem to expect us to either have a dedicated team of anti-malware staff monitoring their solution, or be willing to spend an enormous amount of money to outsource that job to their humans. We wanted a next-gen solution that used its AI capabilities not only for detection and mitigation, but also to seamlessly deal with the majority of typical malware issues on its own, combining the functionality of traditional anti-malware with advanced next-gen capabilities.
So we finally tried SentinelOne in the next-gen space because of a combination of functionality, usability, cost, and their demonstrated ability to keep up with OS changes on both the Windows and macOS platforms. It's a top performer on the Windows side where most of the risk is (and passed all of our tests with flying colors), but they're also well-known for compatibility and reliability in the macOS administration community. Despite their demonstrated track record, I have to admit we still held our breath a bit over the last year, waiting to see if the weird stuff and "gotcha" stuff that happened with our previous vendors would crop up....but it's been nothing but nice and quiet, with everything working pretty much perfectly.
You mentioned 11.3 compatibility: that's a great example of where SentinelOne demonstrated its proactivity on the Mac side. They're well ahead of the curve with macOS updates (they start testing as soon as Apple releases updates to developers), they gave us the heads-up well ahead of time, and released the update to our tenant with 11.3 compatibility on April 27, just a day after 11.3's public release. The new version is dated the 21st, so I'm betting we could have gotten it earlier had we pushed. In our experience with other vendors in this space, there would have been no warning and we'd often be the first ones to report the problem to them after we encountered it in production! We understand that the macOS is a smaller space, but we don't want to be our vendors' canary in the macOS coal mine, or their alpha- or even early beta-testers....we're glad to help out with testing as part of a formal program, but we don't want to be the ones telling them of a giant compatibility issue that they've never heard of before, especially when they should have been testing for weeks or months, seeing and fixing any issues themselves before it gets anywhere near us.
We literally never encounter that kind of seemingly widespread issue with SentinelOne: they're always on top of stuff on both platforms, but most importantly for us, on the macOS platform.
May 4, 2021 at 12:11 UTC
Thank you very much for the detailed and well written feedback. This is very helpful! It's encouraging to hear of a vendor that takes their responsibility to their customers so seriously.
Edited Oct 20, 2021 at 16:06 UTC
Numerous chrome browsers won't update either manually or via patch management. When trying to manually update I see "Your browser is managed by your organization" The only extension I can't manipulate is SentinelOne. How do I disable this extension or work around it blocking chrome from updating. I don't see any option on the SentinelOne console either.
May 5, 2021 at 01:34 UTC
I wouldn't think the SentinelOne extension would have anything to do with whether the browser can update or not. What do these browsers say under chrome://policy ?
I'm an IT person at an MSP who uses SentinelOne through a reseller. We have roughly 800 SentinelOne endpoints.
We have been finding that support through our reseller has become problematic, because they end up being a middleman, and I don't get access to actual SentinelOne resources. I asked my boss why we weren't going direct; he mentioned that he attempted to contact SentinelOne, but received no response. He told me I was free to contact SentinelOne to try and switch to a more direct model.
I have sent an e-mail through your "Contact Us" form. I have called your number and gone to Sales, and only gotten voicemail (I have left a message). What I haven't gotten is a response. I would very much like to reach someone at your company to form a better relationship; is there someone I can reach and talk to?
Why doesn't SentinelOne have a standard way of reporting false positives?
It is a matter of fact that SentinelOne is prone to trigger false positives and your machine learning engine keeps flagging an application developed by my family member.
When I contacted your support they closed the ticket and wrote that issues should be opened via a reseller.
When I contacted your resellers they informed me that they don't handle such cases (they just sell the product) and suggested that I contact you instead.
I tried to report via various channels, via Facebook and Twitter but without success.
I don't understand why you made it so difficult to report false positives. Every reputable antivirus vendor has a standard way of reporting false positives via email or web form.
After lot of effort I was able to find someone from SentinelOne and the false positive is confirmed.
While it is good that SentinelOne company confirms that the file is OK and should not be detected, the false positive is not fixed yet. I started to report the problem almost 4 months ago.
That's very weird for a security company to have such a slow response time.
Other security vendors are able to react within a few hours, but SentinelOne's ~4 months (and counting!) is unbelievable.
Please fix the false positive without further excuses and obstructions.
Sep 23, 2019 at 12:40 UTC
This is a video of how the falsely flagged application looks:
We tried running this command but it fails. Am I missing a switch, or is PowerShell needed?
SentinelInstaller-windows-v2-6-1-5901-windows-v2-6-1-5901-windows-v2-6-1-5901_windows_v2_6_1_5901.exe /passive /quiet
Jan 12, 2020 at 01:29 UTC
Anyone know the correct commands for Ubuntu and Red Hat? A .deb and an .rpm?
Apr 14, 2020 at 12:54 UTC
This worked for Ubuntu 18.04. Replace site_token with your own. However, I've found that the domain is not set appropriately and I'm not sure how to set it manually.
sudo /opt/sentinelone/bin/sentinelctl management token set site_token
Is it possible to automate the updates of client agents or is it always a manual process? We would like the newer agent to deploy to a small group of PC's when it is available and then to deploy to the rest a few days later. Can this be scheduled?