Create path exclusion in SentinelOne


Applications such as endpoint backup tools may not work properly on machines running SentinelOne endpoint protection, because backup tools work with Volume Shadow Copy (VSS) and other OS files. In that case we may have to create an interoperability exclusion for the backup tool so that it works properly. To create a path exclusion in SentinelOne:

  1. Log in to the SentinelOne Dashboard
  2. Go to Sentinels -> Exclusions
  3. There are two broad types of exclusions:
  4. Hash exclusions
    1. If the executable is already installed, we can exclude its hash. For this, get the SHA1 hash of the file. On Windows, see "Calculate hash such as md5 or sha1 for a file in Windows" on the "Useful Windows cmd options" page. On macOS / Linux, use the sha1sum command.
    2. Then click on "Create Exclusion" -> "Create Exclusion"
    3. Set the exclusion type to hash
    4. Choose the appropriate OS platform, e.g. Windows
    5. Paste the hash calculated in the steps above
    6. Add an appropriate description
    7. Click Save
  5. Path exclusions
    1. If we want to exclude the path of an installed program (typically under C:\Program Files) so that it works properly, we need the parent path to be excluded along with its sub-folders
    2. Then click on "Create Exclusion" -> "Create Exclusion"
    3. Change the exclusion type to path
    4. Select the appropriate OS platform, e.g. Windows
    5. Enter the full path to be excluded, such as "C:\Program Files (x86)\ParaBlu"
    6. Enable include sub-folders
    7. Enable exclude path for alerts and mitigation
    8. Click on "More options" and select the "Interoperability - Extended" option
    9. Give a useful description of why the path exclusion is required
    10. Click Save
  6. As per the guidelines, we may have to reboot the machine for the agent to get the latest exclusions and for the system to work properly.
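
Because a path exclusion with sub-folders, alerts and mitigation all excluded removes protection from everything below that folder, it is worth checking the path before saving it in step 5. The script below is an added example, not part of the original page or of any SentinelOne tooling; the install roots, the user-writable list and the function name `review_path_exclusion` are assumed local policy and can be adjusted.

```python
from pathlib import PureWindowsPath

# Assumed local policy (not a SentinelOne rule): an exclusion must sit
# inside one product folder below these install roots.
INSTALL_ROOTS = [PureWindowsPath(r"C:\Program Files"),
                 PureWindowsPath(r"C:\Program Files (x86)")]
# Assumed list of locations that standard users can usually write to.
USER_WRITABLE = [PureWindowsPath(r"C:\Users"),
                 PureWindowsPath(r"C:\ProgramData"),
                 PureWindowsPath(r"C:\Windows\Temp")]


def review_path_exclusion(raw):
    """Return a list of findings; an empty list means the path is narrow."""
    findings = []
    if any(ch in raw for ch in "*?%"):
        findings.append("contains a wildcard or environment variable")
    # PureWindowsPath parses Windows paths on any OS, compares them
    # case-insensitively and does not collapse "..".
    path = PureWindowsPath(raw.strip().strip('"'))
    if not path.is_absolute() or ".." in path.parts:
        findings.append("not a fully resolved absolute path")
        return findings
    if len(path.parts) <= 2:  # e.g. C:\ or C:\Program Files
        findings.append("drive root or top-level folder: far too broad")
    for loc in USER_WRITABLE:
        if path == loc or loc in path.parents:
            findings.append(f"under user-writable location {loc}")
    if not any(root in path.parents for root in INSTALL_ROOTS):
        findings.append("not inside a product folder under Program Files")
    return findings


if __name__ == "__main__":
    # Constructed sample requests; the first is the path used on this page.
    samples = [r'"C:\Program Files (x86)\ParaBlu"',
               r"C:\Program Files",
               r"c:\users\alice\backup-tool",
               r"%ProgramFiles%\ParaBlu"]
    for sample in samples:
        result = review_path_exclusion(sample)
        print(sample, "->", "OK" if not result else "; ".join(result))
```

An empty result means the path names a single product folder; any finding is a reason to narrow the path or to use a hash exclusion instead.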
