SentinelOne Exclusion Requests

 

Audience

Faculty & Staff

Task

The following Knowledge Base article outlines the steps to request an exclusion for applications or files being blocked by the SentinelOne EDR software. SentinelOne Endpoint Detection and Response software is designed to protect our systems by identifying and blocking potential threats. Occasionally, it may flag legitimate applications as threats, causing them to be blocked. If you encounter this issue and need to request an exclusion for an application, please follow the steps outlined below.

Instructions

1. Identify the Need for Exclusion 

Common reasons include: 

  • False positives where the SentinelOne agent mistakenly identifies a safe file as malicious. 

  • Applications that need to operate without interference from the SentinelOne agent. 

2. Submit service request for ITS Cybersecurity to review. 

Initial Review: The Cybersecurity team will review the request to ensure it is legitimate and justified. 

Risk Assessment: A risk assessment will be conducted to evaluate the potential impact of the exclusion. 

Approval/Denial: The request will be approved or denied based on the review and risk assessment. Additional information may be requested if necessary. 

3. Implementation 

Approved Requests: If the request is approved, the Cybersecurity team will implement the exclusion. 

Notification: You will be notified once the exclusion has been implemented or if additional steps are required on your part. 

Outcome

The application or file is no longer blocked by SentinelOne.

Important Considerations

  • Security Risks: Excluding an application from SentinelOne's protection can expose the institution to potential security risks. Please ensure that exclusions are requested only when absolutely necessary.
  • ITS Approval: All exclusion requests must be approved by the ITS Cybersecurity Team. Unauthorized attempts to bypass security measures are prohibited and may result in disciplinary action.