If you are running SentinalOne (an excellent next generation, behavior based malware detection system) you likely know that there no obvious way to temporarily disable it. This is unfortunate, as it would be very handy for testing.
On the bright side, there are two easy-ish ways to disable SentinalOne on a machine without uninstalling it:
A – Disable SentinalOne Using Groups
Create a new GROUP with a policy that has everything turned off, then put the machine in question into that group
B – Disable SentinalOne via command line:
- On the SentinelOne web console, copy the PASSPHRASE
- On the machine in question, right click on the START button and select CMD (AS AN ADMIN) or POWERSHELL (AS AN ADMIN)
- Change directory to
C:\Program Files\SentinelOne\Sentinel Agent <version>
- Enter the command:
sentinelctl unload -a -H -s -m -k "<passphrase>
“
When you are done testing you can re-enable the SentinalOne agent with the command: sentinelctl load -a -H -s -m
.
0 Comments