monkey icon indicating copy to clipboard operation
monkey copied to clipboard
verified publisher icon guardicore

Recognize SeninalOne as endpoint AV

Open mssalvatore opened this issue 4 years ago • 1 comments

Is your feature request related to a problem? Please describe. SentinalOne is an enpoint security solution. Infection Monkey does not check for the presence of SentinalOne and produces a false positive alert in the zero trust report.

Describe the solution you'd like Infection Monkey detects the presence of SentinalOne.

Describe alternatives you've considered Do not detect SentinalOne. Monkey will continue to show false positive alerts to users.

mssalvatore avatar Feb 23 '21 15:02 mssalvatore

The whole AV gathering procedure could be potentially improved. Maybe we could utilize a library for AV discovery: https://pypi.org/project/windows-tools.antivirus/ . AV detection should also trigger a new Software discovery attack technique.

VakarisZ avatar Feb 04 '22 15:02 VakarisZ

The Zero Trust report has been removed for now. It will be reimagined and readded at some time in the future.

mssalvatore avatar May 23 '23 17:05 mssalvatore