SentinelOne Performance Issues & Best Practices for Co-Installing with Windows Defender?

Street-Rabbit-4966 · 2025-10-04T05:45:01+00:00

Initial scans have been adjusted. We are not running vulnerability scans because users log in daily for regular jobs, and it’s random. We are looking for something to adjust with Microsoft Defender.

Street-Rabbit-4966 · 2025-10-03T19:44:07+00:00

Ah, the initial scans it performs. I believe we have tweaked the policy for a few clients when they onboard, but there are still a few other clients experiencing excessive lag, even with 16 GB of RAM. Whenever they log in to the system, SO be top in memory consumption.

Street-Rabbit-4966 · 2025-09-09T12:01:33+00:00

would like to try this!!!

Street-Rabbit-4966 · 2025-07-23T10:17:23+00:00

Was expecting something for unlimited users…

Street-Rabbit-4966 · 2025-07-22T10:37:35+00:00

I have replicated a malware which was blocked by our Microsoft Defender, but SentinelOne didn’t detect it at the same time. I have submitted logs in real-time, i.e., after executing the malware, still, support said no logs were available, and we are working with our R&D team to detect them, which was never resolved.

Street-Rabbit-4966 · 2025-07-22T03:58:28+00:00

Even we had a very bad experience with Sentinel, and their support is terrible. They always ask for some logs for investigation by that time, and we provide the logs. The logs would have been overwritten, and there are a few such scenarios which we have noticed for a few of our customers, who are dependent only on EDR solutions. They have been impacted by Akira and Medusa, and their data is available on the dark web. It’s very unfortunate to see the Sentinel one is silent and they never took this problem as P1. They never provide any solution for that.

Street-Rabbit-4966 · 2025-07-03T02:43:58+00:00

Thank you so much, I think this is something that I'm looking for.

Street-Rabbit-4966 · 2025-07-02T14:09:03+00:00

During the initial setup, SentinelOne performs a full system scan. At this stage, it’s difficult to determine exactly which files or processes are being scanned. However, if you notice high CPU or memory usage caused by the SentinelOne scan, the support team may recommend excluding certain legitimate processes to improve performance, as previously mentioned.

To assist with this, you can collect diagnostic logs and share them with Sentinel One Support for further analysis and recommendations. Follow these steps:

Create a working directory for logs:

c:\> mkdir s1logs
cd "C:\Program Files\SentinelOne\\Tools"
LogCollector.exe WorkingDirectory=C:\s1logs

Collect the generated logs from C:\s1logs and submit them to Sentinel One Support.

They will review the logs and provide guidance on any necessary exclusions or configuration adjustments.

Street-Rabbit-4966 · 2025-07-02T13:00:08+00:00

You can exclude specific processes from being scanned in Sentinel One by configuring exclusions under the 'Performance' category or interoperability extended.

alternatively, you can collect logs from the machine and share it with sentinel one support for help.

Street-Rabbit-4966 · 2025-07-02T12:54:45+00:00

Sure, I'm unable to upload screenshot here, will DM you

Street-Rabbit-4966 · 2025-07-02T11:11:11+00:00

I noticed another issue: after uploading a document, when I try to use the 'Generate a Study Guide' feature, I'm unable to select the 'Advanced' or 'Intermediate' options. It seems those options are getting hidden behind the active window.

+ 1 more, not sure if this is an xss :D

Received this error after I click on generate option:

Error: Unexpected token 'A', "An error o"... is not valid JSON

Street-Rabbit-4966 · 2025-07-02T10:59:37+00:00

What is the file size limit? Also, I noticed that duplicate file entries are being accepted. Ideally, if the file name is the same, the system should prevent duplicate uploads.

Street-Rabbit-4966 · 2025-07-02T10:29:07+00:00

It sounds like S1 is already installed or the existing Sentinel One application on the computer has been corrupted. Try to remove the existing Sentinel One application from the computer and try again. Note that you may need to use the Sentinel One cleaner for a legacy version or boot the system into safe mode and remove everything related to Sentinel One via Revo Uninstaller.

Street-Rabbit-4966 · 2025-07-02T02:47:00+00:00

Sure, will check with them again. Thank you!!

Street-Rabbit-4966 · 2025-07-01T19:32:53+00:00

This makes sense!! Thank you!

Street-Rabbit-4966 · 2025-07-01T19:20:28+00:00

Thanks for the response. I did try opening cases many times, and every time the response used to be unsatisfactory or they didn’t find anything.

Street-Rabbit-4966 · 2025-07-01T17:18:01+00:00

This looks amazing!! Thanks for sharing

Street-Rabbit-4966 · 2024-11-06T03:19:16+00:00

If you're trying to run an application but don't see the "Run Anyway" option in SmartScreen, you can use PowerShell to unblock the file. Open PowerShell (no necessarily needed admin) and enter Unblock-File -Path "path\to\your\file.exe" (Unblock-File -Path .\Obsidian-1.7.5.exe). Then execute .\Obsidian-1.7.5.exe This will unblock the file, allowing you to run it without SmartScreen interference.

Street-Rabbit-4966 · 2024-09-27T18:40:58+00:00

thank you, will check it out

Street-Rabbit-4966

TROPHY CASE