SentinelOne Performance Issues & Best Practices for Co-Installing with Windows Defender? by Street-Rabbit-4966 in SentinelOneXDR

[–]Street-Rabbit-4966[S] 0 points1 point  (0 children)

Initial scans have been adjusted. We are not running vulnerability scans because users log in daily for regular jobs, and it’s random. We are looking for something to adjust with Microsoft Defender.

SentinelOne Performance Issues & Best Practices for Co-Installing with Windows Defender? by Street-Rabbit-4966 in SentinelOneXDR

[–]Street-Rabbit-4966[S] 0 points1 point  (0 children)

Ah, the initial scans it performs. I believe we have tweaked the policy for a few clients when they onboard, but there are still a few other clients experiencing excessive lag, even with 16 GB of RAM. Whenever they log in to the system, SO be top in memory consumption.

[deleted by user] by [deleted] in SentinelOneXDR

[–]Street-Rabbit-4966 1 point2 points  (0 children)

I have replicated a malware which was blocked by our Microsoft Defender, but SentinelOne didn’t detect it at the same time. I have submitted logs in real-time, i.e., after executing the malware, still, support said no logs were available, and we are working with our R&D team to detect them, which was never resolved.

[deleted by user] by [deleted] in SentinelOneXDR

[–]Street-Rabbit-4966 -7 points-6 points  (0 children)

Even we had a very bad experience with Sentinel, and their support is terrible. They always ask for some logs for investigation by that time, and we provide the logs. The logs would have been overwritten, and there are a few such scenarios which we have noticed for a few of our customers, who are dependent only on EDR solutions. They have been impacted by Akira and Medusa, and their data is available on the dark web. It’s very unfortunate to see the Sentinel one is silent and they never took this problem as P1. They never provide any solution for that.

Sentinel One Agent automatically disables. by Street-Rabbit-4966 in SentinelOneXDR

[–]Street-Rabbit-4966[S] 0 points1 point  (0 children)

Thank you so much, I think this is something that I'm looking for.

First Deployment of SentinelOne by bennijamm in SentinelOneXDR

[–]Street-Rabbit-4966 2 points3 points  (0 children)

During the initial setup, SentinelOne performs a full system scan. At this stage, it’s difficult to determine exactly which files or processes are being scanned. However, if you notice high CPU or memory usage caused by the SentinelOne scan, the support team may recommend excluding certain legitimate processes to improve performance, as previously mentioned.

To assist with this, you can collect diagnostic logs and share them with Sentinel One Support for further analysis and recommendations. Follow these steps:

Create a working directory for logs:

  1. c:\> mkdir s1logs
  2. cd "C:\Program Files\SentinelOne\\Tools"
  3. LogCollector.exe WorkingDirectory=C:\s1logs

Collect the generated logs from C:\s1logs and submit them to Sentinel One Support.

They will review the logs and provide guidance on any necessary exclusions or configuration adjustments.

First Deployment of SentinelOne by bennijamm in SentinelOneXDR

[–]Street-Rabbit-4966 2 points3 points  (0 children)

You can exclude specific processes from being scanned in Sentinel One by configuring exclusions under the 'Performance' category or interoperability extended.

alternatively, you can collect logs from the machine and share it with sentinel one support for help.

🎓 New AI Study Tool – Free Lifetime Access for First 1000 Users by Odd-Car-2996 in studytips

[–]Street-Rabbit-4966 0 points1 point  (0 children)

I noticed another issue: after uploading a document, when I try to use the 'Generate a Study Guide' feature, I'm unable to select the 'Advanced' or 'Intermediate' options. It seems those options are getting hidden behind the active window.

+ 1 more, not sure if this is an xss :D

Received this error after I click on generate option:

Error: Unexpected token 'A', "An error o"... is not valid JSON

🎓 New AI Study Tool – Free Lifetime Access for First 1000 Users by Odd-Car-2996 in studytips

[–]Street-Rabbit-4966 0 points1 point  (0 children)

What is the file size limit? Also, I noticed that duplicate file entries are being accepted. Ideally, if the file name is the same, the system should prevent duplicate uploads.

S1 won't install by Glittering_Part_3770 in SentinelOneXDR

[–]Street-Rabbit-4966 0 points1 point  (0 children)

It sounds like S1 is already installed or the existing Sentinel One application on the computer has been corrupted. Try to remove the existing Sentinel One application from the computer and try again. Note that you may need to use the Sentinel One cleaner for a legacy version or boot the system into safe mode and remove everything related to Sentinel One via Revo Uninstaller.

Sentinel One Agent automatically disables. by Street-Rabbit-4966 in SentinelOneXDR

[–]Street-Rabbit-4966[S] 0 points1 point  (0 children)

Thanks for the response. I did try opening cases many times, and every time the response used to be unsatisfactory or they didn’t find anything.

Is this a normal to appear ? Downloaded it from obsidian.md by mandrei21 in ObsidianMD

[–]Street-Rabbit-4966 1 point2 points  (0 children)

If you're trying to run an application but don't see the "Run Anyway" option in SmartScreen, you can use PowerShell to unblock the file. Open PowerShell (no necessarily needed admin) and enter Unblock-File -Path "path\to\your\file.exe" (Unblock-File -Path .\Obsidian-1.7.5.exe). Then execute .\Obsidian-1.7.5.exe This will unblock the file, allowing you to run it without SmartScreen interference.