Malware is designed to modify or destroy your data. Unitrends is designed to protect and restore your precious data. SentinelOne doesn’t know the difference between the bad guys and Unitrends, it just knows something is trying to touch something, that it believes shouldn't. Therefore, you will need to show SentinelOne what belongs to Unitrends so that it doesn't stop the backup/recovery process.
Following was confirmed working with the SentinelOne Agent version 4.2 (minimum)
STEP 1: In the SentinelOne Management Console
Click Settings > Exclusions > Path
Add the following and choose the Exclusion Mode of Interoperability - extended (minimum) and include subfolders.
-
C:\PCBP\
-
C:\unicbt\
-
C:\Unitrendsvcbt\
If backup performance is poor and/or you continue to experience random backup errors, choose the Exclusion Mode of "Performance Focus - extended". If this final setting works, contact SentinelOne Support. You may need to provide to them the latest Unitrends Client Agent for Windows.
NOTE 1: Unitrends Volume CBT driver is a Kernel mode driver which may require
Performance Focus or higher.
NOTE 2: Unitrends Hyper-v CBT driver is a MiniFilter driver and may require
Performance Focus or higher.
Restart this Server and verify the changes took place.
STEP 2: Using an elevated Administrative Command Prompt, execute the instructions and commands below:
- Change to the directory where SentinelOne installed at.
(default is c:\program files\sentinelone\sentinel agent x.x.x.x\ where x.x.x.x is the version that you are running.) -
Use the sentinelctl.exe to tell the SentinelOne agent to disable the agent's proprietary vss writers and use the standard Windows VSS writers instead. Execute the command below based on the release of SentinelOne you are using:
- Once completed, restart the server one final time.
-
You can now begin your backups (recommend you start with an On-demand 1-Time Full to ensure we get all the data that has been missed.