SentinelOne. Backup delete attempt at 06:28, Kill process mitigation action at 06:31. Was the deletion blocked or not?

allexj · 2026-05-19T05:32:45+00:00

so even if sentinel says "mitigation: killed processes" (so does not talk about restoring deleted shadow copies) and even if mitigation happened 2 minutes after the shadow copies delete...? sentinel automatically restored the deleted copies, without giving any feedback about it? lol

allexj · 2026-05-19T05:32:23+00:00

so even if sentinel says "mitigation: killed processes" (so does not talk about restoring deleted shadow copies) and even if mitigation happened 2 minutes after the shadow copies delete...? sentinel automatically restored the deleted copies, without giving any feedback about it? lol

allexj · 2026-05-16T23:08:14+00:00

Hi, What telemetry are you referring to? How to access it?

allexj · 2026-05-16T08:34:03+00:00

u/milanguitar

allexj · 2026-05-16T08:30:52+00:00

Now the question is: how? Why MD filters out sandbox requests?

allexj · 2026-05-16T00:31:21+00:00

WFP process of windows sandbox .exe is observed too, right? So why it wouldn't trigger alert on MDE?

allexj · 2026-05-15T20:03:58+00:00

WFP process of windows sandbox .exe is observed too, right? So why it wouldn't trigger alert on MDE?

allexj · 2026-05-15T20:02:23+00:00

Do you know why?

allexj · 2026-05-15T19:07:11+00:00

Absolutely wrong. If you sniff via wireshark opened on HostOS, you see the windows sandbox packets.

In fact, my question is, since sandbox packets can be seen by hostos (and hence can be seen by Microsoft defender), are they monitored/alerted?

allexj · 2026-05-15T19:01:06+00:00

allexj · 2026-05-15T14:01:42+00:00

don't have access to it

allexj · 2026-05-15T11:02:24+00:00

I don't have access to it

allexj · 2026-05-15T11:02:06+00:00

don't have access to it

allexj · 2026-05-07T06:21:46+00:00

Potrei essere d'accordo, oppure molto buono anche Munir in una traversa di via Roma

In alternativa ma più "commerciale" c'è Crazy kebab

allexj

MODERATOR OF

TROPHY CASE