• JonJonJon
    0
    Anyone having an issue with SentinelOne and MSP360 backup on Windows?

    The 7.3.0.317 installer and the cloud backup scheduler are both getting flagged as malicious.
  • David Gugick
    118
    In the past, we have seen that product report managed backup agents incorrectly (false positives). My recommendation is to open a support case with our team and submit the logs so they can review them. They may be able to provide a method to whitelist the product in SentinelOne.
  • JonJonJon
    0
    Thanks. I've whitelisted it. I'll submit to support. I think the difference with the newer version flagging it is SPN ticket requests are higher.

    Triggers are:

    Ransomware
      Deletes shadow copy
        MITRE : Impact [T1490]

    Evasion
      Non-powershell process loaded powershell module
        MITRE : Execution [T1059.001]
      A new root certificate was added
        MITRE : Defense Evasion [T1553.004]
      Indirect command was executed
        MITRE : Defense Evasion [T1218][T1202]

    Privilege Escalation
      Suspicious Kerberoasting attack. Too many SPN tickets requests
        MITRE : Credential Access [T1558.003]

    Persistence
      Application registered itself to become persistent via service
        MITRE : Privilege Escalation [T1543.003]
        MITRE : Persistence [T1543.003]