SentinelOne Detects Backup Agent Executable as Malware

Situation

The Backup Agent executable file (Online Backup.exe) is blocked by the SentinelOne anti-virus software after the Backup Agent is installed.

Cause

The SentinelOne anti-virus software classifies Online Backup.exe as a malicious file.

Solutions

Add the Online Backup.exe file to the exclusion list in SentinelOne.

Select the best option for you:

  • Add exclusion from a detected item
  • Add exclusions before detection
    • Option 1: Exclusion by thumbprint
    • Option 2: Exclusion by a path to the installation folder

Add Exclusion from Detected Item

  1. From SO Level, expand Integrations -> EDR -> Analyze.
  2. Locate the detected Online Backup.exe file and click on it.
  3. Select More in the upper right corner, then select Mark as benign action for Online Backup.exe.

Add Exclusion Before Detection

Option 1 (recommended)

  1. Under Hash, select New Exclusion.
  2. Under Exclusion Type, select Hash.
  3. In the OS drop-down list, select Windows.
  4. Enter the SHA1 thumbprint ef6439fc45c8031e514dd7d445d1b8babf474e9b.
  5. Enter a description for the exclusion.
  6. Click Save.

Option 2

  1. Under Path, select New Exclusion.
  2. Under Exclusion Type, select Path.
  3. In the OS drop-down list, select Windows.
  4. Enter the path to the Backup Agent installation folder, then select Include Subfolders.
  5. Select More Options, then select Suppressed All.
  6. Enter a description for the exclusion.
  7. Click Save.
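
The two options differ in scope: Option 1 matches a single binary, while Option 2 covers everything under the folder. The script below is an added example, not part of the original article or of any vendor tooling; it lists which executables in an installation folder match the SHA1 from Option 1 and which would be covered only by the path exclusion. It assumes the thumbprint is the SHA-1 of the file contents, that the folder is passed as an argument, and that the suffix list (constructed here) is what counts as executable.

```python
import hashlib
import sys
from pathlib import Path

# SHA1 value given in Option 1 on this page.
EXCLUDED_SHA1 = "ef6439fc45c8031e514dd7d445d1b8babf474e9b"
# Assumption: file types treated as executable content for this audit.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".sys", ".msi", ".ps1", ".bat", ".cmd"}


def sha1_of(path, chunk_size=1 << 20):
    """Return the SHA-1 hex digest of a file, read in chunks."""
    digest = hashlib.sha1()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def exclusion_coverage(install_dir, excluded_sha1=EXCLUDED_SHA1):
    """Split executables under install_dir (subfolders included) into
    those the hash exclusion matches and those only a path exclusion
    with Include Subfolders would cover."""
    wanted = excluded_sha1.strip().lower()
    by_hash, path_only = [], []
    for path in sorted(Path(install_dir).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in EXECUTABLE_SUFFIXES:
            continue
        if sha1_of(path) == wanted:
            by_hash.append(path)
        else:
            path_only.append(path)
    return by_hash, path_only


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python exclusion_coverage.py <installation folder>")
    matched, unmatched = exclusion_coverage(sys.argv[1])
    for path in matched:
        print(f"hash exclusion matches : {path}")
    for path in unmatched:
        print(f"path exclusion only    : {path}")
    if not matched:
        print("No file matches the SHA1 from Option 1; check the installed version.")
```

An empty "hash exclusion matches" list means the installed binary differs from the one the SHA1 was taken from, so the Option 1 exclusion would not apply to it.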