General
1. What is the purpose of the data collected?
Data collected will only be used for protection against security threats.
2. Who can access the data?
Access to information is limited to authorized parties (e.g. administrators of the platform).
3. Where does the data get stored?
S1 data is stored in the cloud, within S1's software as a service (SaaS) environment in Canada.
4. How long does the data get stored?
S1 data is stored for up to 30 days at the S1 cloud service and 90 days within our Security Information and Event Management (SIEM) environment.
5. Why was my unit and my device chosen for the pilot?
Your unit has joined the pilot to enable advanced anti-virus protection for end users within the unit. As a unit member, you have been chosen to receive this critical security protection. This is one of the steps to protect individuals against security threats.
Privacy
6. Will S1 track my activity and personal use of my device(s)?
The University does not use S1 to watch an individual’s personal use of the University networks or devices. The University will not use this data to support investigations related to employee productivity, attendance/activity and any other general monitoring of behaviour not directly associated with security threat protection at the University.
7. Will someone have access to view the files or personal content on my device(s)?
Designated Information Security staff will interact with the data only if a security threat alert has been triggered. S1 uses artificial intelligence to analyze basic file data such as file name, size and file hashes to find potentially malicious files; it does not analyze content data beyond threat detection. This is consistent with best practices to mitigate constantly evolving cyber threats.
Technical
8. Are we creating S1 rules to block internet access once a virus is detected on a computer?
No. S1 is a SaaS Solution and always requires access to the internet. If a machine has a virus/malware, it may be placed in ‘quarantine’ mode depending on the policy applied against a particular set of machines.
9. Which license (basic/enhanced/advanced) should we choose for test computers?
The advice is to start with an advanced license first for managed endpoints. However, if the testing machine only deals with non-sensitive data, then a case can be made for the use of enhanced licenses.
10. Should we remove other anti-virus solutions before deploying S1 on a computer so it doesn’t slow down the performance?
Yes. Otherwise, it might interfere with the performance of the machine.
11. Should we recommend S1 for personal computers and manage them on S1 console centrally by IT?
Yes. However, careful consideration needs to be given to how this would be paid for, deployed and supported by the different divisions. Another consideration might be privacy.
The project team will be looking at deploying EDR to some student computer labs, which run on Windows, Mac and Linux, each with its own system administrator.
12. Is there any documentation available on how to deploy the agents?
Not yet. This is part of the documentation provided by professional services (i.e., the vendor).
13. Can multi-factor authentication (MFA) be used to access the console?
If it's UTORauthed, then yes, DUO is inherited.
14. Is the management console web-based or do we need to deploy the Sentinel console on our VMware host server?
It is web-based.
15. Does S1 support VMware host server?
Yes, S1 supports VMware host server, but it would require a separate license.
16. How do I learn more about the S1 product and how it works?
You can register for the free S1 basic admin training that runs weekly:
- S1 Part 1 welcome training – runs Tuesdays at 10 a.m. PST
- S1 Part 2 welcome training – runs Thursdays at 10 a.m. PST
17. Does S1 support Linux?
In addition to the operating systems listed below, SentinelOne also provides dedicated agents for K8s and NetApp.
Platform | OS | Version |
---|---|---|
Windows | Windows Server Core | 2022, 2019, 2016, 2012 |
Windows | Windows Server | 2022, 2019, 2016, 2012 R2, 2012, 2008 R2 SP1 |
Windows | Windows Storage Server | 2016, 2012 R2, 2012 |
Windows | Windows 7 SP1, 8, 8.1, 10, 11 | 32/64-bit |
Windows Legacy | Windows XP | SP3 or later (KB968730), 32/64-bit NTFS/FAT32 |
Windows Legacy | Windows Server 2003 | SP2 or later, or R2 SP2 or later, (KB968730), 32/64-bit |
Windows Legacy | Windows 2008 | (Pre-R2) |
Windows Legacy | Windows Server 2008 | x64 - Only with Agent version 2.1.0.93, (KB4474419) |
Windows Legacy | Windows Embedded POSReady 2009 | |
Linux | CentOS | 8.0 - 8.4, 7.0 - 7.9, 6.4+ |
Linux | Red Hat Enterprise Linux (RHEL) | 9.0 - 9.1, 8.0 - 8.7, 7.0 - 7.9, 6.4+ |
Linux | Ubuntu | 22.04, 20.04, 19.10, 19.04, 18.04, 16.04, 14.04 |
Linux | Amazon | Amazon Linux 2, AMI 2018, AMI 2017 |
Linux | SUSE Linux Enterprise Server | 15.x, 12.x |
Linux | Debian | 11, 10, 9, 8 |
Linux | Virtuozzo | 7 |
Linux | Scientific Linux | 7.6 |
Linux | AlmaLinux | 9.0 - 9.1, 8.4 - 8.7 |
Linux | RockyLinux | 9.0 - 9.1, 8.4 - 8.7 |
Linux | Oracle | 9.0, 8.0 - 8.7, 7.0 - 7.9, 6.9 - 6.10 |
Linux | Fedora | 32 - 37, 31 (starting with kernel 5.5.x), 25 - 30 |
Linux ARM | RHEL | 9.0 - 9.1, 8.4 - 8.7 |
Linux ARM | Amazon Linux | 2 |
Linux ARM | Ubuntu | 22.04, 20.04, 18.04 |
Linux ARM | SUSE | 15.x |
Linux ARM | CentOS | 8.3 |
Linux ARM | Alma Linux | 9, 8.7, 8.6 |
Linux ARM | Rocky Linux | 9, 8.7, 8.6 |
Linux ARM | Debian | 11, 10 |
MacOS | Ventura | 13.0 - 13.2 |
MacOS | Monterey | 12.0 - 12.6.3 |
MacOS | Big Sur | 11.0 - 11.7.3 |