We are pleased to announce that on Monday, July 8th, the Endpoint Detection and Response (EDR) product will release updated macOS and Linux 24.1 Agents for the following consoles:
Consoles:
- https://usea1-swprd1.sentinelone.net/login
- https://usea1-swprd2.sentinelone.net/login
- https://usea1-nabl9.sentinelone.net/
- https://euce1-swprd2.sentinelone.net/login
- https://euce1-nabl8.sentinelone.net/
- https://apne1-swprd3.sentinelone.net/login
We strongly recommend upgrading to these agents as soon as possible to receive the maximum level of protection available. If you use Automation Manager Policies (AMP), update them to target the latest available agent version.
New and improved in Mac 24.1 GA (24.1.2.7444):
Automatic Scan:
This agent update adds automatic scanning of files on external volumes when they are connected, including:
- External drives (USB, Thunderbolt)
- Removable media inserted into an internal drive (CD-ROM, SD card)
- Disk images
- Network volumes
Malicious and suspicious files found during scans raise threats in the Management Console and the Agent automatically mitigates them according to the Protection policy.
The macOS Agent now supports parallel scans on endpoints:
Full disk and automatic scans are not limited in how many can run at the same time. On-demand scans started manually are limited to 10 running at once; when that limit is reached, further on-demand scans queue in a pool of 10 pending scans, reduced by any full disk or automatic scans that are active or pending.
Network Quarantine Hardening:
Added a hardening mechanism so that only SentinelOne-related processes can resolve DNS queries while an endpoint is in Network Quarantine. (Previously, with Network Quarantine enabled, any process could still resolve DNS queries through mDNSResponder or through the Network Extension.)
To configure, first make sure the Network Extension is the DNS Monitoring Source:
sentinelctl config DeepVisibility DNSMonitoringSource -int 2
Then set AlwaysAllowDNSRequestsForAll to false:
sentinelctl config Network AlwaysAllowDNSRequestsForAll -bool false
Once this is set, processes other than SentinelOne's have no DNS resolution for as long as the endpoint is quarantined, so validate the change on a test endpoint before applying it fleet-wide.
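The two commands above are the configuration; the script below is an added example (not part of this notice or of SentinelOne's tooling) of wrapping them for rollout through an MDM or management script, so that the DNS Monitoring Source is set before the allow-all flag is cleared and a failure in either step stops the run instead of leaving the endpoint half-configured. The default `sentinelctl` path and the `SENTINELCTL` / `NQ_DNS_APPLY` variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the release notice or from SentinelOne.
# Applies the Network Quarantine DNS hardening settings from the notice, in order:
#   1. make the Network Extension the DNS monitoring source
#   2. stop allowing DNS resolution for all processes during quarantine
# SENTINELCTL: path to the agent CLI (default path is an assumption; override
#              it when the agent is installed elsewhere or when dry-running).
# NQ_DNS_APPLY=1: actually apply when the script is executed directly.
set -u

SENTINELCTL="${SENTINELCTL:-/usr/local/bin/sentinelctl}"

# Returns 0 on success, 1 if a sentinelctl call failed, 2 if the CLI is missing.
apply_nq_dns_hardening() {
    if [ ! -x "$SENTINELCTL" ]; then
        echo "sentinelctl not found or not executable at $SENTINELCTL" >&2
        return 2
    fi
    # Step 1 (from the notice): Network Extension as the DNS Monitoring Source.
    if ! "$SENTINELCTL" config DeepVisibility DNSMonitoringSource -int 2; then
        echo "failed to set DeepVisibility DNSMonitoringSource" >&2
        return 1
    fi
    # Step 2 (from the notice): only SentinelOne processes may resolve DNS
    # while the endpoint is in Network Quarantine.
    if ! "$SENTINELCTL" config Network AlwaysAllowDNSRequestsForAll -bool false; then
        echo "failed to set Network AlwaysAllowDNSRequestsForAll" >&2
        return 1
    fi
    echo "Network Quarantine DNS hardening applied"
    return 0
}

# Only apply when explicitly requested, so sourcing the file for reuse is harmless.
if [ "${NQ_DNS_APPLY:-0}" = "1" ]; then
    apply_nq_dns_hardening
    exit $?
fi
```

Run it as root with `NQ_DNS_APPLY=1 sh harden-nq-dns.sh` on a test endpoint first, then confirm that, with the endpoint in Network Quarantine, a non-SentinelOne tool can no longer resolve names while the agent itself still reaches the console.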
New and improved in Linux 24.1 GA (24.1.2.6):
New platform support for x86 and Arm Agents:
This release adds support for Debian 12.4, Amazon Linux 2023.3, Azure Linux (formerly CBL-Mariner), and SUSE 11.x.
And more:
- The Agent now includes a policy package for SELinux environments, for use where a dedicated SentinelOne policy is required.
- The alternative Static AI version was updated with a fix that prevents false positive findings in PDF files when they are scanned from inside archive files.
- Static file scanning-based detection is now supported on file rename events, subject to the on-write static detection policy.
- Improved interactive shell classification to reduce potential false positives from the network_shell detection rule.
- Reverse shell detection improvements.
- New behavioral detection rules.
- Updated detection rules, now classified as Suspicious by default.
- Bug fixes and improvements.