Excluding Capture Client from Anti-Virus

Description

If a third-party Anti-Virus is installed on endpoints, it might block the SentinelOne engine of Capture Client.

Resolution

To let Capture Client co-exist with other security vendors:

  1. See the vendor documentation to learn how to exclude applications from their security blocks.

  2. Exclude these files and folders on the related operating system.

macOS:

  • /Library/Sentinel/

  • /Library/Extensions/Sentinel.kext

Windows:

  • C:\Programdata\sentinel\

  • C:\Program Files\SentinelOne\Sentinel Agent version\

    Note: The version number is in the format x.x.x.xxxx. For example:

    "C:\Program Files\SentinelOne\Sentinel Agent 2.6.4.5961"

Linux:

  • /etc/selinux/targeted/active/modules/400/sentinelaudispd

  • /sys/fs/cgroup/devices/system.slice/sentineld.service

  • /sys/fs/cgroup/systemd/system.slice/sentineld.service

  • /usr/local/sentinelagent/
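Because the Windows agent folder name carries the installed version, the exclusion list has to be resolved on each endpoint. The following is an added example, not part of the original article or of Capture Client, that builds the Windows list from the two entries above. It assumes each "x" in x.x.x.xxxx is a run of decimal digits, and the function names are hypothetical.

```python
import os
import re
from pathlib import Path

# Assumption: each "x" group in x.x.x.xxxx is a run of decimal digits.
AGENT_DIR = re.compile(r"^Sentinel Agent (\d+)\.(\d+)\.(\d+)\.(\d+)$")


def agent_dirs(sentinelone_dir):
    """Return the versioned agent folders in sentinelone_dir, oldest first."""
    base = Path(sentinelone_dir)
    if not base.is_dir():
        return []
    found = []
    for entry in base.iterdir():
        match = AGENT_DIR.match(entry.name)
        if match and entry.is_dir():
            # Compare versions numerically so 2.10 sorts after 2.6.
            found.append((tuple(int(g) for g in match.groups()), entry))
    return [path for _, path in sorted(found)]


def windows_exclusions(program_files, program_data):
    """Build this article's Windows exclusion list for one endpoint.

    Returns (paths, warnings); every installed agent version gets an entry.
    """
    data_dir = Path(program_data) / "sentinel"
    paths, warnings = [str(data_dir)], []
    if not data_dir.is_dir():
        warnings.append(f"not present: {data_dir}")
    agents = agent_dirs(Path(program_files) / "SentinelOne")
    if not agents:
        warnings.append("no 'Sentinel Agent x.x.x.xxxx' folder found")
    paths.extend(str(path) for path in agents)
    return paths, warnings


if __name__ == "__main__":
    # Hypothetical usage on the endpoint; defaults are the article's paths.
    paths, warnings = windows_exclusions(
        os.environ.get("ProgramFiles", r"C:\Program Files"),
        os.environ.get("ProgramData", r"C:\Programdata"))
    for path in paths:
        print("exclude:", path)
    for warning in warnings:
        print("warning:", warning)
```

A warning means the listed path was not found on that endpoint, so the exclusion entered in the Anti-Virus console should be checked against the actual install location.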

These KB articles might be helpful:

  • https://support.symantec.com/en_US/article.TECH104526.html

  • https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/app-id/use-application-objects-in-policy

  • https://support.norton.com/sp/en/us/home/current/solutions/v6958602_ns_retail_en_us

  • https://docs.webroot.com/us/en/home/wsa_pc_userguide/Content/ManagingQuarantine/BlockingOrAllowingFiles.htm

  • https://community.f-secure.com/t5/Business/Excluding-objects-from-Real-Time/ta-p/66013
