Does anyone here use SentinelOne for their AV/EDR solution? We are having an issue where SentinelOne is detecting OpenVPN Connect as a threat and killing it. The odd thing is that it's after a few days of usage and not immediate. I can whitelist it, but I am just wondering if anyone else has had this experience and has any more information on why this may be.
I'm pasting the threat indicators below, which sound scary but could also just be what the OpenVPN software does:
Evasion
Internal process resource was manipulated in memory
MITRE : Defense Evasion
Indirect command was executed
MITRE : Defense Evasion [T1218][T1202]
Code injection to other process memory space during the target process' initialization
MITRE : Defense Evasion [T1055.012]
MITRE : Privilege Escalation [T1055.012]
Exploitation
Shellcode execution was detected
MITRE : Execution [T1106][T1059]
General
Process started from shortcut file
MITRE : Execution [T1204]
SentinelOne and OpenVPN connect
- OpenVpn Newbie
- Posts: 1
- Joined: Fri Jan 14, 2022 9:23 pm
- openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
Re: SentinelOne and OpenVPN connect
Hi George,
I'd suggest talking to SentinelOne support about this. We can definitely vouch for our software. Can they vouch for theirs?
regards, rob0
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support