Sentinel one EDR

jcleary99

Hey Guys, Is there any Guidance from Atera for Customers that use Sentinel One EDR? I'm constantly getting alerts from S1, and its disabling Atera. What are the chances we can get Atera added to Sentinel One's exclusion catalog? Pretty Please?

Thanks!

gdarino

It would be nice if Atera worked with S1 to be included in the Exclusion catalog. In the meantime, I simply added the following exclusions to resolve the issue:

NOTE: Two separate exclusions, one for each path.

Exclusion Type: Path and subfolders

OS: Windows

Path: C:\Program Files (x86)\Atera Networks\

Path: C:\Program Files\Atera Networks\

Mode: Interoperability - Extended

S1 was also flagging the installation script so I hashed the script and added a Hash Exclusion type entry with the Hash from my script.

I have not had any issues since.

NOTE: I've read in another thread related to Bitdefender that Atera support allegedly recommended adding a path exclusion for C:\Windows\Temp\AteraUpgradeAgentPackage\. S1 does not recommend this because it includes the windows temp folder. It will let you create it but a caution bubble will be visible in the value field in dashboard. I opted to not include it and have not had any issues so far.

nina

Hi @jcleary99 - I spoke with our Security Team; there are no issues with Atera in the latest SentinelOne update.

If you are still experiencing issues, you can whitelist Atera by adding the following paths:
   C:\Program Files\Atera Networks (or C:\Program Files (x86)\ATERA Networks for 32bit)
   C:\Windows\Temp\AteraUpgradeAgentPackage

You may need to enable or add an exemption policy for scanning password-protected ZIP files, or allow unscannable content to pass.

For more information, click here.