This guide can be used when SentinelOne starts generating false positives about the Atera agent on your devices being malicious.
You will need to log into your SentinelOne account to whitelist the Atera agent. Once you have successfully logged in, please follow the steps below:
1. Select Sentinels from the sidebar, then go to the Exclusions tab.
2. Set up the new exclusion by selecting New Exclusion > Create Exclusion.
3. Select the Path option in the New Exclusion window.
4. In the Path field add:
- C:\Program Files\ATERA Networks\AteraAgent
- C:\Program Files (x86)\ATERA Networks\AteraAgent
- C:\Windows\Temp\AteraUpgradeAgentPackage
5. Select Suppress Alerts in the Exclusions mode.
6. Save the changes
7. Apply it to the devices.
7. Apply it to the devices.
Note: This behavior might occur with older Atera Agent installations. We recommend keeping the Atera Agent up to date via the known installation methods. Additionally, if the SentinelOne alert references a path with \Config.Msi\ and an .rbf file (e.g., \Config.Msi\1d761.rbf), you might need to whitelist that path as well.