Antivirus not picking up Sentinel One

How do I make it so the a/v alert picks up Sentinel 1. The process is sentinelagent.exe and I added that to the recovery but it doesn’t seem to work.

I have either bitdefender or S1 running on each workstation.

I’m confused by this question, so I’m going to answer it in how I read it:

You can create a new alert. Under thresholds, click on “Applications” and then “service running”. Give it a name and then type in the Service Match Name (sentinelagent.exe).

Configure the alert to remove the service or whatever and select your machines you want to run it on.

I have these rules setup but still doesn’t catch them.

You need to separate the trigger conditions with “AND” and the reset with “OR”. See screenshot on correct setup.

1 Like

Wouldn’t it be “Or” ? They are running one or the other. Not both.

See my screenshot above.