App Review SentinelOne Endpoint Security (with SonicWall)

[ShenguiTurmi]

@Shadowra another sample. can you confirm the sample is working and not detected by S1?

VirusTotal

VirusTotal

www.virustotal.com

raccoon | d2a63c6d9cdda0bc062b61cf77d84259c451edfed1a01401e519bc75cfff7e8e | Triage

Check this raccoon report malware sample d2a63c6d9cdda0bc062b61cf77d84259c451edfed1a01401e519bc75cfff7e8e, with a score of 10 out of 10.

tria.ge

Yes. Not detected by sensor based ML and cloud based hash blacklist.
I don't have the extra licence to install in test environment. So I didn't test if running it would trigger behavioural protection or not.

 

[likeastar20]

Made a thread on reddit, the comments are so dumb. Now i know why S1 has such a good reputation.

 

[Trident]

It has a good reputation because the marketing is brilliant. The product is just one overblown antivirus. I bet if you compare it to Avast Free, Avast will easily blow S1 away. It’s just the EDR that is built well.

 

[likeastar20]

It has a good reputation because the marketing is brilliant. The product is just one overblown antivirus. I bet if you compare it to Avast Free, Avast will easily blow S1 away. It’s just the EDR that is built well.

They are stupid enough to think that my tests are based on VT results. The only mention of VT by me is the link to the file. Like who does tests based on VT results. You know they have no idea what they are talking about when that is the first thing they think of.

 

[Trident]

Does this guy have any evidence that SentinelOne detected the 3CX supply chain malware before anyone else? Or was it someone monitoring the XDR that saw the logs and responded? Many people don’t make difference.

 

[SeriousHoax]

Does this guy have any evidence that SentinelOne detected the 3CX supply chain malware before anyone else? Or was it someone monitoring the XDR that saw the logs and responded? Many people don’t make difference.

This one is actually true. I saw this before the supply chain attack was discovered. Some S1 customers thought it to be a false positive and ignored. But S1 was not the only one, so did ESET and two, three other vendors at least. But of course not every vendor had customers using 3CX or customers who used 3CX and also updated their software to the infected version and was exploited. eg: Bitdefender said that they didn't see any exploitation attempt for their customers.

 

[piquiteco]

@Shadowra A great video as always. Amazing soundtrack, always dynamic, nice to listen to, I liked it. Btw Thanks for the video and to do the SentinelOne test.

 

[piquiteco]

Not detected

Webroot detected after extracting the sample of the compressed file.

Spoiler

 

[ShenguiTurmi]

is there any way i could test your crowdstrike? thanks

They can now purchase directly on the official website, and you can purchase license for 5 devices if you have a company.

 

[likeastar20]

They can now purchase directly on the official website, and you can purchase license for 5 devices if you have a company.

Damn

 

[Sunshine-boy]

it seems Kaspersky free perform better than this expensive combo.