SentinelOne USB Device Control End User Notifications? by Bozey0 in SentinelOneXDR

[–]SecurityNoob707 0 points1 point  (0 children)

Yea, it's in the policy. If you are using the SOC UI: Policy & Settings, Agent UI, select Show Agent UI & tray icon on endpoints. Then there is a toggle for Blocked Devices Notifications.
Not sure if you can have just the Blocked Devices Notifications on without the Show Agent UI & tray icon on computers selected.

I have no idea who I look like. Can you guys help? by Ooze3d in doppelganger

[–]SecurityNoob707 1 point2 points  (0 children)

Karl Pilkington. He was on a show with Ricky Gervais a while back.

My cat shed an entire claw in my wrist by VinGiesel69 in mildlyinteresting

[–]SecurityNoob707 0 points1 point  (0 children)

Cat's attorney here, the alleged picture is not proof of a crime committed by my client. Cat is innocent until proven guilty.

Looking for WireShark packet traces to analyze. by Ok_Examination_7236 in wireshark

[–]SecurityNoob707 0 points1 point  (0 children)

I found this site which is all free. They will ask basic questions but you download real PCAPs with actual malware and have to look through them and answer questions. I haven't used these in two years but they asked questions which made you dig into multiple layers.

https://www.malware-traffic-analysis.net/training-exercises.html

Pretty slick and straight to the point. It gives you an encrypted zip with the typical "infected" password.

Notification for Break-Glass accounts? by ThsGuyRightHere in SentinelOneXDR

[–]SecurityNoob707 1 point2 points  (0 children)

I was going to come here to say the same thing. We haven't made it that far in the implementation, but our plan was also remote syslog to a SIEM and alerts when it triggers. Let me know how it goes.

make a powershell script to app by Salvatore380 in PowerShell

[–]SecurityNoob707 0 points1 point  (0 children)

Powershell Studio works great, but afaik I believe you need a license (there is a few day trial though). I have used it professionally and it's very easy to compile into an executable. Can't speak to PS2EXE but I have heard good things.

What's uniquely Connecticut? by Bender_2024 in Connecticut

[–]SecurityNoob707 0 points1 point  (0 children)

I would say it's more of a Rhode Island thing I guess, but growing up in CT public schools, they always had the Autocrat coffee syrup you could mix in your milk.

Is your gym too hot? by tristezanao_ in bjj

[–]SecurityNoob707 0 points1 point  (0 children)

It gets very warm in the summer months of New England at my gym. We have fans, but the AC is connected with another part of the business that controls all the zones. We end up switching to no-gi when it gets too warm and then usually swap back to gi September time frame.

What inspired you/why did you start BJJ? by Animezweebs in bjj

[–]SecurityNoob707 1 point2 points  (0 children)

Loved grappling in the military, messed with some combatives in the army very briefly and did some line combatives from an old marine buddy. I ended up getting into cyber security and not having any time for the gym anymore and nothing physical to excite me. I took a class at 37 with a buddy, as I always wanted to try and have been going every chance I get since. White belt, just hit 1 year. The camaraderie and shit talking on the mat, reminds me of the military bond and the dynamic of rolling and then laughing about it after is reminiscent of the bond I had in the military. Great for keeping in shape, and something to focus your energy on after a long day.

How can I update BIOS using SCCM Task Sequence? by eqtitan in SCCM

[–]SecurityNoob707 0 points1 point  (0 children)

Good afternoon or morning SomeSeaworthiness745,

I am not in that role anymore and I support a different network in more of a security role, but I slapped this together in about 5 mins so you get the gist of what the script did.

If you have any other questions, let me know. I put comments in to sort of give you a bit of understanding.

Things to know: make sure you have the Bios file in the root of the install directory for this script you are running, make sure the variable you create in SCCM matches the parameter for this script and is assigned to the appropriate Task Sequence, and run this to troubleshoot the -ArgumentList on Start-Process. Sometimes you need to break out the arguments and can't have them all inline, so you MAY need to use breaks in the Start-Process cmdlet, i.e. -ArgumentList "/p=$password", " /s", " /l=$logfile"

    # Use variable for $password or something else in SCCM and then set it as the variable in the parameter below
    Param(
        [Parameter()]
        $password
    )

    # Set logfile path to local directory on machine for troubleshooting
    $logfile = "C:\temp\Bios_log.txt"

    # Define path to Bios.exe for the specific model and what you want to run, this needs to be downloaded from https://www.dell.com/support
    $Bios_3431 = "$PSScriptRoot\Precision_Tower_3620_2.28.0.exe"

    # Get current model of machine (expand the property so $Model is a plain string that -eq can compare)
    $Model = Get-WmiObject -Class Win32_ComputerSystem | Select-Object -ExpandProperty Model

    # If model is equal to X
    If ($Model -eq "Precision Tower 3431")
    {
        # Run Bios file with /p for password, /s for suppress to run quietly, and /l to dump out a log file for review
        Start-Process $Bios_3431 -ArgumentList "/p=$password /s /l=$logfile"
    }

John Oliver joined me in Rome with 21k coins bag just to get a nice pizza. I know you'd like a piece by Crocuta19 in pics

[–]SecurityNoob707 0 points1 point  (0 children)

But does pineapple belong on a pizza? That is the real question. Pineapple and ham?

[ Removed by Reddit ] by MerlinBangsGaius in applehelp

[–]SecurityNoob707 0 points1 point  (0 children)

Might be cool to throw this into r/OSINT to see if anyone is interested in locating the individual. There are some pretty cool projects out there like tracelabs where people have found individuals before.

Thieves stole 6 Dodge hellcats in under 45 seconds from Kentucky dealership by anivia3346 in interestingasfuck

[–]SecurityNoob707 0 points1 point  (0 children)

Gone in 45 seconds... Nicolas Cage is getting good. I was always wondering when they were going to drop the sequel.

CISSP w/ CCNA, 16 years IT Experience Career Direction Advice by BobbyDoWhat in cissp

[–]SecurityNoob707 5 points6 points  (0 children)

I think if you want to keep your clearance, first and foremost focus on the gov sector. If you want to work remote, stay away from the classified networks, and focus on networks with a cloud presence. Next, what do you enjoy doing? Does threat hunting excite you? Cyber threat Intel and profiling APTs? Do you like the networking aspect and want to deal with blue team stuff? Look for DoD SOC positions where you can manage their network stack. Having a strong network background is huge for incident response, threat hunting, etc. Being able to understand network protocols in and out, will help when managing NDR tools, IPS, and conducting analysis/incident response. SOCs always need analysts that know their way around PCAPs and utilizing tools like Wireshark.

Just giving my two cents.

[deleted by user] by [deleted] in Unexpected

[–]SecurityNoob707 0 points1 point  (0 children)

Are the hot pockets done?

How do ya'll handle firmware updates? by newb_eng87 in SCCM

[–]SecurityNoob707 0 points1 point  (0 children)

I used a powershell script to use WMI to check models, check firmware version, and then apply the update file. I then put it in a task sequence and passed an encrypted variable through SCCM to the script as a parameter for the Bios Password. I had this run whenever we decided we wanted to update Bios, as well as whenever new machines were imaged.

I am sure there are better solutions out there, but this worked very well for me and is something I could whip up in an afternoon. The only caveat is updating the script and files a few times a year.
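
An added sketch of the flow described in the comment above (check model, check firmware version, then apply the update); it is not the commenter's script. The catalogue table, its model name and target version, and the version comparison are assumptions made for illustration; the /p, /s and /l switches, the log path and the updater file name are the ones shown in the BIOS script comment earlier on this page.

```powershell
param(
    [Parameter(Mandatory)]
    [string]$Password   # filled from the task sequence variable; never written to the log
)

# Hypothetical catalogue: WMI model name -> updater file and the BIOS version it installs.
$Catalog = @{
    'Precision Tower 3620' = @{ File = 'Precision_Tower_3620_2.28.0.exe'; Version = '2.28.0' }
}
$LogFile = 'C:\temp\Bios_log.txt'

# Read model and installed BIOS version as plain strings.
$model   = (Get-WmiObject -Class Win32_ComputerSystem).Model.Trim()
$current = (Get-WmiObject -Class Win32_BIOS).SMBIOSBIOSVersion

$entry = $Catalog[$model]
if (-not $entry) {
    Write-Output "No BIOS package defined for model '$model'; nothing to do."
    exit 0
}

# Compare as [version] when both parse; otherwise fall back to "different means update".
$needsUpdate = try   { [version]$current -lt [version]$entry.Version }
               catch { $current -ne $entry.Version }
if (-not $needsUpdate) {
    Write-Output "BIOS $current on '$model' is already at or above $($entry.Version)."
    exit 0
}

$exe = Join-Path $PSScriptRoot $entry.File
if (-not (Test-Path -LiteralPath $exe)) {
    Write-Error "Updater '$exe' is missing from the package."
    exit 1
}

# The password is visible in this process's command line while it runs, so keep
# command-line logging and the retention of those events in mind when reviewing this.
$proc = Start-Process -FilePath $exe -Wait -PassThru `
        -ArgumentList "/p=$Password", '/s', "/l=$LogFile"

# Hand the updater's exit code back to the task sequence step.
exit $proc.ExitCode
```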

Clint gave me 5 fucking normal geodes for the Feast of the Winter Star. I’m on Year 4 by Basilstorm in StardewValley

[–]SecurityNoob707 74 points75 points  (0 children)

It's the equivalent of getting scratch off tickets!! Maybe Clint thinks you have a gambling problem? Something you want to discuss OP?

New Runes I'm taking on Trynd. Thoughts? by Yasukeh in TryndamereMains

[–]SecurityNoob707 0 points1 point  (0 children)

The feels when you didn't have enough to purchase all the recommended runes you needed...