Antivirus not picking up Sentinel One

Ryan_C_Smith · January 6, 2020, 5:22pm

How do I make it so the a/v alert picks up Sentinel 1. The process is sentinelagent.exe and I added that to the recovery but it doesn’t seem to work.

I have either bitdefender or S1 running on each workstation.

Jarred_Wheeler · January 8, 2020, 3:51pm

I’m confused by this question, so I’m going to answer it in how I read it:

You can create a new alert. Under thresholds, click on “Applications” and then “service running”. Give it a name and then type in the Service Match Name (sentinelagent.exe).

Configure the alert to remove the service or whatever and select your machines you want to run it on.

Ryan_C_Smith · January 8, 2020, 5:47pm

I have these rules setup but still doesn’t catch them.

Mike_E14 · January 14, 2020, 1:56pm

You need to separate the trigger conditions with “AND” and the reset with “OR”. See screenshot on correct setup.

Ryan_C_Smith · January 16, 2020, 4:42am

Wouldn’t it be “Or” ? They are running one or the other. Not both.

Mike_E14 · January 17, 2020, 5:46am

See my screenshot above.