AlexHeylin
Veeam Legend
Posts: 563
Liked: 173 times
Joined: Nov 15, 2019 4:09 pm
Full Name: Alex Heylin
Contact:

[Enhancement Request] Auto-locate current version of SentinelOne

Post by AlexHeylin »

In C:\Program Files\Common Files\Veeam\Backup and Replication\Mount Service\AntivirusInfos.xml the version of SentinelOne is hard-coded. This is suboptimal and prevents this from working unless the info in AntivirusInfos.xml is manually kept in sync with the installed version of S1. As S1 upgrades could easily be done by a separate team (security team vs backup team etc) - this is likely to lead to VBR's ability to scan using S1 being broken when first installed, and breaking again each time S1 is upgraded on the mount server.

Code:

<!-- SentinelOne -->
	<AntivirusInfo Name='SentinelOne' IsPortableSoftware='false' ExecutableFilePath='%ProgramFiles%\SentinelOne\Sentinel Agent 22.1.4.10010\SentinelCtl.exe' CommandLineParameters='%Path% /clean-mode=None /no-symlink' RegPath='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SentinelAgent' ServiceName='SentinelAgent' ThreatExistsRegEx='Threat\s+found' IsParallelScanAvailable='false'>
		<ExitCodes>
			<ExitCode Type='Success' Description='No threats detected'>1639</ExitCode>
			<ExitCode Type='Error' Description='Invalid command line argument'>1</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was completed with errors'>2</ExitCode>
			<ExitCode Type='Error' Description='Antivirus scan was canceled'>4</ExitCode>
			<ExitCode Type='Infected' Description='Virus threat was detected'>3</ExitCode>
		</ExitCodes>
	</AntivirusInfo>

Please make this auto detect the correct version / path for the

Code:

ExecutableFilePath ='%ProgramFiles%\SentinelOne\[whatever the latest version on disk is]\SentinelCtl.exe'

e.g. for our install, this is currently

Code:

ExecutableFilePath='%ProgramFiles%\SentinelOne\Sentinel Agent 23.2.3.358\SentinelCtl.exe'
Mildur
Product Manager
Posts: 8735
Liked: 2296 times
Joined: May 13, 2017 4:51 pm
Full Name: Fabian K.
Location: Switzerland
Contact:

Re: [Enhancement Request] Auto-locate current version of SentinelOne

Post by Mildur »

Hi Alex

I believe XML does not provide wildcards in attribute values.
How often do they update the Sentinel Agent?

Best,
Fabian
Product Management Analyst @ Veeam Software

Re: [Enhancement Request] Auto-locate current version of SentinelOne

Post by AlexHeylin »

Hi Fabian,
Based on the limited data I can get right now - it looks like irregularly 3-4 times a year.
The location of the SentinelCtl is an ongoing pain for scripting etc too. We use a slightly inelegant approach, but it works except if S1 version has been rolled back for some reason - which is rare.

Code:

# Take the agent folder whose name sorts last (a string sort on the folder name)
$S1Version = Get-ChildItem "$env:ProgramFiles\SentinelOne\" -Directory | Sort-Object -Property Name -Descending | Select-Object -First 1 -ExpandProperty Name
$S1Ctl = "$env:ProgramFiles\SentinelOne\$S1Version\SentinelCtl.exe"

Thanks :-)
Alex
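
A version-aware variant of the lookup in the post above, as an added example that is not part of the original thread and is not Veeam or SentinelOne code: it compares the folder versions numerically instead of as strings and writes the result into the SentinelOne entry of AntivirusInfos.xml. It assumes the "Sentinel Agent <version>" folder naming seen in the thread and that SentinelCtl.exe carries an Authenticode signature; the function name is hypothetical, and the rollback limitation mentioned above still applies.

```powershell
# Added example. Get-LatestSentinelCtl is a hypothetical name; the paths and the
# "Sentinel Agent <version>" folder pattern are the ones quoted in the thread.
function Get-LatestSentinelCtl {
    param([string]$Root = "$env:ProgramFiles\SentinelOne")
    Get-ChildItem -LiteralPath $Root -Directory | ForEach-Object {
        if ($_.Name -match '^Sentinel Agent (\d+(?:\.\d+){1,3})$') {
            $exe = Join-Path $_.FullName 'SentinelCtl.exe'
            # Skip leftover folders with no binary, and binaries whose signature
            # does not verify (assumption: the vendor signs SentinelCtl.exe)
            if ((Test-Path -LiteralPath $exe -PathType Leaf) -and
                (Get-AuthenticodeSignature -LiteralPath $exe).Status -eq 'Valid') {
                # [version] compares 23.2.3.358 > 9.9.9.9, unlike a string sort
                [pscustomobject]@{ Version = [version]$Matches[1]; Path = $exe }
            }
        }
    } | Sort-Object -Property Version -Descending | Select-Object -First 1
}

$XmlPath = "$env:CommonProgramFiles\Veeam\Backup and Replication\Mount Service\AntivirusInfos.xml"
$latest = Get-LatestSentinelCtl
if (-not $latest) { throw 'No usable SentinelCtl.exe found' }

$doc = New-Object System.Xml.XmlDocument
$doc.PreserveWhitespace = $true
$doc.Load($XmlPath)
# Assumes the file declares no default XML namespace, as in the excerpt quoted earlier
$node = $doc.SelectSingleNode("//AntivirusInfo[@Name='SentinelOne']")
if (-not $node) { throw "No SentinelOne entry in $XmlPath" }

# Keep the %ProgramFiles% form that the shipped entry uses
$value = $latest.Path.Replace($env:ProgramFiles, '%ProgramFiles%')
if ($node.GetAttribute('ExecutableFilePath') -ne $value) {
    # Keep a copy of the previous file before rewriting it
    Copy-Item -LiteralPath $XmlPath -Destination "$XmlPath.bak" -Force
    $node.SetAttribute('ExecutableFilePath', $value)
    $doc.Save($XmlPath)
    "Updated ExecutableFilePath to $value"
}
```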

Re: [Enhancement Request] Auto-locate current version of SentinelOne

Post by AlexHeylin »

Fabian - please place this on hold as S1 doesn't currently work with VBR anyway, and may prove incompatible completely.
See veeam-backup-replication-f2/surebackup- ... 79506.html

Re: [Enhancement Request] Auto-locate current version of SentinelOne

Post by Mildur » 1 person likes this post

Hi Alex

Yes, I saw the other post.
I will wait for the conclusion of your other topic before doing research on this request.

Best,
Fabian
Product Management Analyst @ Veeam Software

Re: [Enhancement Request] Auto-locate current version of SentinelOne

Post by AlexHeylin »

For completeness of this thread. S1 have confirmed their CLI is not suitable for integration with VBR currently. They already have an open enhancement request to make it compatible.
Thanks

Re: [Enhancement Request] Auto-locate current version of SentinelOne

Post by Mildur »

Thank you Alex for letting me know.

Best,
Fabian
Product Management Analyst @ Veeam Software