Recommended Configuration Change to Mitigate a Potential Attack Bypassing SentinelOne EDR.

Posted on May 7, 2025 by pavanmudalagi

To improve control and security around Windows Agent upgrades and downgrades, we recommend enabling Local Upgrade Authorization. Turn it on for your Sites in the Management Console.

Why It Matters

Local Upgrade Authorization acts as a safeguard when Windows Agents are upgraded or downgraded locally. When this setting is enabled for a Site, local upgrade actions are only allowed during approved timeframes and if the Site has been authorized in advance. If these conditions aren’t met, the upgrade or downgrade attempt will be blocked — helping prevent unauthorized or unintended changes.

This is especially useful in environments where Agents are deployed or updated using tools like SCCM, Intune, N-Sight, N-Central or Group Policy, offering an added layer of protection and reducing the risk of accidental or unmanaged updates.

Key Details

  • Available for Windows Agent versions 22.3+
  • Only supported with SentinelOneInstaller EXE packages
  • MSI installers are not supported — attempts using them will fail
  • Applies to upgrades done via:
    • Double-clicking the installer
    • Running it from the command line
    • Using deployment tools

How to Get Started


Local Upgrade Authorization can be turned on at Account, Site or Group level from the Management Console. It is recommended to enable this setting for all non inherited policies. Once enabled, upgrade windows and Site-level authorization must be configured for local actions to succeed.
To determine if a policy is inheriting or not, and enable the setting:

1. At the top left of the Console, click the arrow to open the Scopes panel and select a scope, either Account, Site or Group.
2. In the Sentinels toolbar, click Policy.
3. If the icon at the top of the policy says Inhertied from global | account | site default policy, this policy is inherited and you do not need to make a change.
4. If the icon at the top of the policy says Last modified <time> ago, this policy is not inherited. In the Agent settings, set Local Upgrade/Downgrade: Online Authorization to ON.

As it may be a time-intensive process to enable this setting across all non-inherited policies, N-able has created a script which will automate this process. Click EDR Enable Online Authorization to download the script package containing the PowerShell script and instruction PDF.

Please refer to the ⁠documentation on enabling Local Upgrade Authorization.

Additional Recommendation:

To further enhance your security, we advise updating all EDR agents to the latest version. Utilising the auto-upgrade functionality can ensure smooth and timely updates. For more details, please refer to our updated documentation.

Please note:

Enabling the Upgrade authorization modifies the approval process within the Management Console, making it necessary for approvals to be in place before local upgrades can occur. This increases accountability and auditability in upgrade processes.

Activating local upgrade authorization might affect automated scripts that perform upgrades or downgrades, especially those using tools like SCCM or similar deployment mechanisms. As these scripts traditionally execute upgrades without additional prompts, requiring authorization could necessitate script modifications.

Posted in EDR, N-central, N-sight | Comments Off on Recommended Configuration Change to Mitigate a Potential Attack Bypassing SentinelOne EDR.

Patch Management Engine (PME) 2.13.1RC

Posted on May 7, 2025 by Chris Dunsmore

We’re pleased to announce that a new version of PME will be released to RC today, accessible exclusively through the N-central RC patch profile option until it reaches General Availability.

This release addresses the issue where ESU updates are detected on devices where they are not supported and then fail to install.

Within the update we have implemented a detection mechanism to verify if an OS is licensed for Extended Support by querying WMI. If no license is found, we will not provide the extended support updates to the device.

Posted in N-central | Comments Off on Patch Management Engine (PME) 2.13.1RC

Recommended Configuration Change to Mitigate a Potential SentinelOne EDR Attack 

Posted on May 7, 2025 by Joe Kern

We have been made aware of an attack that bypasses SentinelOne EDR through the execution of a local SentinelOne installer. We recommend following SentinelOne’s instructions to enable the “Online Authorization” setting for “Local Upgrade/Downgrade,” as doing so mitigates this attack effectively.  

Please see this blog for more details and specific instructions. 
https://www.sentinelone.com/blog/protection-against-local-upgrade-technique-described-in-aon-research/  

Please note that while this is not a security issue within our N-able products, we take this issue seriously and we are committed to ensuring that you have the information you need to protect your users. 

Posted in N-central, N-sight, Security Notices | Comments Off on Recommended Configuration Change to Mitigate a Potential SentinelOne EDR Attack 

April in Review: What’s new in Adlumin

Posted on May 1, 2025 by carlagajdecki

We’re pleased to share the latest updates and improvements this month for Adlumin. Our team has been working diligently to improve performance, enhance functionality and address key issues. Below are the highlights of this month’s updates. For more detailed information, please refer to the full documentation.

Continue reading
Posted in Adlumin, N-central, N-sight | Comments Off on April in Review: What’s new in Adlumin

N-able Mail Assure: April Features and Updates Release

Posted on April 28, 2025 by dorinatoba

We are pleased to announce new enhancements to the Incoming – Blocking Filtering Rules module, including the possibility to easily configure a rule preventing spear phishing – CEO Fraud. 

This filtering rule allows you to enhance protection for high-value email addresses such as CEOs, CFOs, finance teams, etc. which are typical targets for social engineering attacks using a spoofed display name.

Over the next two weeks, we will be enabling the following options to enhance your experience in configuring rules to prevent spear phishing attacks:

Continue reading
Posted in Mail Assure | Tagged , | Comments Off on N-able Mail Assure: April Features and Updates Release

Cove 25.4 External Preview of System State Backup and Recovery for Linux

Posted on April 23, 2025 by garretstegeland

This newest release from the Cove Product Management and Engineering team consists of enhancements to both our notification services and the Microsoft 365 backups.  Additionally, there have been new features and improvements to our continuity offering within Stand-by image and one-time restore. 

Continue reading
Posted in Backup (N-central), Backup (RMM), Cove Data Protection, Cove Data Protection release notes, Cove Data Protection service updates | Comments Off on Cove 25.4 External Preview of System State Backup and Recovery for Linux

N-central: Announcing the end of life of the Analytics Patch Status dashboard

Posted on April 22, 2025 by Ingrid Nylander

We’re letting you know of some upcoming changes to the Patch Status dashboard in N-central Analytics.

What is happening?

On June 20th, 2025 the Patch Status dashboard in N-central Analytics will no longer be available. This includes any custom dashboards created from the Patch Status dashboard and any schedules created for both.

The Patch Audit Log and Patch Lifecycle (Compliance) data models in Direct Data Access are unaffected.

Why is this happening?

Last year we released the Patch Compliance dashboard which allows us to better show the status of patch compliance at a point in time, the most common patch related use case among our partners.

To avoid confusion by having two dashboards that appear similar but answer different questions we have made the decision to end of life the Patch Status dashboard.

How does this impact you?

This depends on your patch analytics and reporting needs, and how you currently use Analytics to achieve them.

Already using Patch Compliance

If you are already using the Patch Compliance dashboard or have made custom dashboards from it, there is nothing you need to do. Your 7 default dashboards will become 6, but the Patch Compliance dashboard remains available and unaffected.

Using Patch Status or custom versions

If you have been using the default Patch Status dashboard, or custom versions of it, we’d recommend you start using the Patch Compliance dashboard as soon as possible. You may still want to create a custom version of the Patch Compliance dashboard depending on your needs and should leave yourself some time to implement this. We’d recommend that you don’t compare the data between the two dashboards however. Due to the underlying difference in how the data is modelled the numbers will rarely be the same.

Using Direct Data Access

If you are primarily using Direct Data Access for your patch analysis and reporting you will still be able to use the older data model but may want to assess if your use case is to understand the sequence of patch status changes or to understand the patch compliance at a point in time and make sure you are using the appropriate data model (see below).

What is the difference between the two dashboards and data models?

The Patch Status dashboard uses a data model that tracks each patch status change that occurs, like an audit log. This is useful if you need to e.g. provide evidence as part of an insurance claim. However, all statuses and status changes are treated equal making it difficult to identify where in its lifecycle a patch is.

The Patch Compliance dashboard uses a data model that aggregates the status changes by patch and is aware of the relationship between patch statuses, making it easier to understand where in the ‘lifecycle’ a patch was at a given point in time.

Posted in N-central | Tagged , | Comments Off on N-central: Announcing the end of life of the Analytics Patch Status dashboard

N-Central: Public Preview for Vulnerability Management view

Posted on April 16, 2025 by Geoff Green

Following up on our release of Vulnerability Management for N-sight, we’re excited to release a preview of N-able Vulnerability Management views within N-Central! With this new capability, we’re N-hancing your ability to identify, prioritize, and remediate software application vulnerabilities in your managed environment. You can learn more about the new view here: Vulnerability Management (preview).

And you can join the discussion in the N-able Vulnerability Management Preview Group on N-able.me.

With this new capability, we’re excited to expand the capabilities of the Modern Agent to scan for software vulnerabilities and provide you with a dashboard that not only displays all the vulnerabilities across your Windows systems but also allows you to filter and sort them to create custom prioritization lists by blending multiple data points like device type, risk score, CVE, and client/site information.

With our robust filter builder, you can configure the view to match your specific needs, ensuring that you always have the most relevant information at your fingertips. You can quickly identify which vulnerabilities need immediate attention and which ones can be scheduled for later.

Screenshot of the N-able N-central dashboard displaying the Vulnerability Management view with a filter builder interface for sorting vulnerabilities by severity and affected products.

We also look forward to releasing additional capabilities in the coming weeks like application scanning  for Linux and Mac OS X, Grouping by CVE, CVE Details, and Export to CSV.

Release Schedule:

  • N-central Cloud Hosted: 2025-04-16 21:30 GMT
  • N-central On-Premise: 2025-04-22 21:00 GMT

Hosted System Requirements:

  • A hosted N-able Login or N-able Login with Entra ID 

On-Premise System Requirements:

Posted in N-central | Tagged , | Comments Off on N-Central: Public Preview for Vulnerability Management view

N-sight: Public Preview for Vulnerability Management view

Posted on April 14, 2025 by danielsylvester723b460d01

With the release of N-able Vulnerability Management views within N-sight, we’re N-hancing your ability to identify, prioritize, and remediate software application vulnerabilities in your managed environment. You can learn more about the new view here: Vulnerability Management (preview).

And you can join the discussion in the N-able Vulnerability Management Preview Group on N-able.me.

With this new capability, we’re excited to expand the capabilities of the Modern Agent to scan software vulnerabilities and provide you with a dashboard that not only displays all the vulnerabilities across your Windows systems but also allows you to filter and sort them to create custom prioritization lists by blending multiple data points like device type, risk score, CVE, and client/site information.

With our robust filter builder, you can configure the view to match your specific needs, ensuring that you always have the most relevant information at your fingertips. You can quickly identify which vulnerabilities need immediate attention and which ones can be scheduled for later.

We also look forward to releasing additional capabilities in the coming weeks like application scanning  for Linux and Mac OS X, Grouping by CVE, CVE Details, and Export to CSV.

Release Schedule:

  • APAC: 2025-04-14 21:30 GMT
  • EMEA: 2025-04-16 21:00 GMT
  • North America: 2025-04-16 21:00 GMT

Posted in N-sight | Tagged , | Comments Off on N-sight: Public Preview for Vulnerability Management view

Cloud Commander: April 8, 2025 Release

Posted on April 8, 2025 by Mike Weaver

Exciting new features and performance enhancements for Cloud Commander, including N-able login and a tenant onboarding tracker. These new enhancements will add additional streamline and contextual support information to assist partners adopting and adding tenants under management.  Additionally, N-able Login support will help unify N-able’s UEM’s with comprehensive multi-tenant management of Microsoft’s Cloud.

Continue reading
Posted in Cloud Commander | Comments Off on Cloud Commander: April 8, 2025 Release