SentinelOne Blocking Atera
It looks like this may be a recurring issue, but SentinelOne incorrectly labeled Atera as malicious today, breaking my remote access to 100+ of my clients' computers. I have created some exclusions in SentinelOne but I am still unable to use Atera with the affected clients. I have a ticket open with SentinelOne for this.
Any help is appreciated.
Comments
-
Hello, sorry for the late response -
Indeed, this was a false positive, and has since been resolved and whitelisted by S1.
Are you still having problems with offline endpoints?
0 -
Yes. Pretty much every endpoint still shows offline in Atera. There were some that I could still connect to via Splashtop despite it showing Offline. However, I just tried a few again and I am still unable to connect.
0 -
The whitelisting by S1 has not resolved anything. Each endpoint must be individually processed in S1: you must unquarantine the endpoint and force S1 to do a rollback, and if that fails you must surgically remove all traces of AteraAgent from the endpoint machine directly, including all file directories and registry entries, then redeploy your AteraAgent for the endpoint. After that you will now have two endpoints in your Atera with the same name, which I am sure will complicate the reports you generate going forward for your clients.
0 -
Hey,
Please DM your ticket #s with S1, we can help escalate them to assist quicker.
@Tdillon I'm also sharing what you said about the double-entries with my team
0 -
Hi,
We have the same issue with WatchGuard EPDR.
My team is working on it.
0 -
Thanks @c.zaragoza
Flagged my security team, so far we only heard about SentinelOne.
If anyone else is experiencing quarantine issues and blocks with any other service please flag me 🙏
Really appreciate it, I'm sorry this is affecting your work and day2day, we're on this and are working to help.
0 -
Hey, please open a ticket with the vendor, and explain your issue, you can also try whitelisting yourself - for that it's best you open a ticket with our support team at support@atera.com
0 -
I think that I am able to get Atera working by disabling SentinelOne and so I don't believe it will require all the steps mentioned by Tdillon to resolve.
I have a ticket open with SentinelOne already. Do I need to open a ticket with support@atera.com?
0 -
My ticket is actually with N-able, who is reselling SentinelOne.
The N-able ticket is: 02521427
0 -
I'm having the same issue since Friday. I created a hash exclusion and unquarantined the file, and I was finally able to get the endpoint to show as online, but the alerts from S1 will not stop. I've gotten over 20,000 emails... My ticket with S1 is #01308431.
0 -
Hey gang,
Some updates -
1. ESET and Panda customers - we've been aware that the Atera version was also falsely picked up by those, Panda have confirmed they are aware and restoring where applicable.
2. Thanks for sharing the ticket #s, I've forwarded them to my security team.
I'm once again really sorry about the troubles.
0 -
I am just wondering if there are any updates for this?
I just checked things out for one of my clients. This particular client has 4 reception computers. 3 of them are showing as online which is great. The fourth shows as offline. I had that computer rebooted and it still shows offline. I tried to connect via Splashtop despite it showing offline and it wouldn't connect. I was able to connect to some computers on Friday despite them showing as offline. I'm not sure if any of this information is useful.
On Friday I think nearly 100% of computers for a couple of clients were showing as offline. Currently I suspect that about 50% have come back online. However, I feel that around 80% or more are actually online and showing as offline so the problem isn't quite resolved.
I currently have N-able asking for boatloads of information for them to pass along to SentinelOne but I am assuming that Atera and the folks at SentinelOne are already all aware of this issue and working towards a resolution. I would like to avoid spending the afternoon gathering up all the requested data if I can.
Thanks
1 -
Heya, I've opened a ticket on your behalf with our support to update you and assist with the remaining offline devices and data collection however they can, they might have additional questions so please check your email.
I wish I could help, but I don't want you to fall between the cracks and support have the right funnels with these more elaborate cases.
0