SentinelOne flagging scheduler and installer
Anyone having an issue with SentinelOne and MSP360 backup on Windows?
The 184.108.40.2067 installer and the cloud backup scheduler are both getting flagged as malicious.
In the past, we have seen that product report managed backup agents incorrectly (false positives). My recommendation is to open a support case with our team and submit the logs so they can review. They may be able to provide a method to whitelist the product in SentinelOne.
Thanks. I've whitelisted it. I'll submit to support. I think the difference with the newer version flagging it is SPN ticket requests are higher.
Triggers are:
- Deletes shadow copy. MITRE: Impact [T1490]
- Non-powershell process loaded powershell module. MITRE: Execution [T1059.001]
- A new root certificate was added. MITRE: Defense Evasion [T1553.004]
- Indirect command was executed. MITRE: Defense Evasion [T1218][T1202]
- Suspicious Kerberoasting attack. Too many SPN tickets requests. MITRE: Credential Access [T1558.003]
- Application registered itself to become persistent via service. MITRE: Privilege Escalation [T1543.003]; MITRE: Persistence [T1543.003]