Anyone having an issue with SentinelOne and MSP360 backup on Windows?
The 7.3.0.317 installer and the cloud backup scheduler are both getting flagged as malicious.
[reply=“JonJonJon;d2489”] We have seen that product in the past report managed backup agents incorrectly; false positives. My recommendation is to open a support case with our team and submit the logs so they can review. They may be able to provide a method to whitelist the product in sentinel one.
Thanks. I’ve whitelisted it. I’ll submit to support. I think the difference with the newer version flagging it is SPN ticket requests are higher.
Triggers are -
Ransomware
Deletes shadow copy
MITRE : Impact [T1490]
Evasion
Non-powershell process loaded powershell module
MITRE : Execution [T1059.001]
A new root certificate was added
MITRE : Defense Evasion [T1553.004]
Indirect command was executed
MITRE : Defense Evasion [T1218][T1202]
Privilege Escalation
Suspicious Kerberoasting attack. Too many SPN tickets requests
MITRE : Credential Access [T1558.003]
Persistence
Application registered itself to become persistent via service
MITRE : Privilege Escalation [T1543.003]
MITRE : Persistence [T1543.003]