ADVANCE NOTICE: EDR Windows and Linux Agent Update Wednesday, January 12

We are pleased to announce that on Wednesday, January 12, the Endpoint Detection and Response (EDR) product will be releasing new agents for both Windows and Linux. The Windows agent will see an update to 21.7 SP1 ( and the Linux agent will see an update to 21.10 GA ( We strongly recommend upgrading these agents as soon as possible to provide the maximum level of protection available.

New and improved in Windows 21.7 SP1 (

This release brings general bug fixes, including a fix for the PowerShell module load errors.

For the full list of Bug Fixes please see the Release Notes link below

New and improved in Linux 21.10 GA (

New Supported Distros

Added support for RHEL 8.5, RockyLinux 8.4, AlmaLinux 8.4 and Debian 11. Please note: to run the System Log Remote Script Orchestration (RSO) script on RockyLinux endpoints, rsyslog must be installed on the endpoint first.

CPU Capping

Introducing the ability to limit and specify the maximum CPU usage of all SentinelOne Agent processes out of the total CPU capacity of an endpoint. Policy Override now offers an additional config parameter for setting the CPU use limit.

Suppress Application Control Alerts

The Agent now suppresses repeated threat alerts from executables not part of the original system or container image. Application Control now sends only one foreign executable alert during the configured time period (by default, 24 hours).

  • If Application Control is enabled for Linux servers and containers, this feature is enabled by default.
  • Agent automatically restarts when Application Control is enabled or disabled.
  • To configure using policy override:
  • The logs will show a suppressed alert.

Agent Performance

To further improve Agent performance, we are using the Extended Berkeley Packet Filter (eBPF) to collect operating system telemetry events (where the OS supports it). eBPF features will be enabled gradually over future Agent releases.

This is the eBPF feature of this Agent release: The perf provider is enhanced to track file_close_write and mount events using eBPF.

eBPF is enabled by default. To make sure it is enabled on your 21.10 Agents, run:

For the full list of Bug Fixes please see the Release Notes link below

For full details on all updates please check out our Release Notes:
