SentinelOne replaces Sophos Antivirus

December 07, 2018

Beginning at the end of 2017, a project was undertaken to evaluate our anti-malware solution, Sophos, and compare it to other solutions available on the market. In testing, SentinelOne proved to be extremely effective in stopping malware, adware and current exploit techniques and was selected to replace Sophos. SentinelOne also has the lightest requirements for system resources such as RAM and CPU usage.

Once our purchase of SentinelOne licenses was complete, ITS began the process of replacing Sophos on UCSC Macs and PCs where it was installed. To date, there are over 3,500 systems on campus using SentinelOne.

Feedback ITS received has been largely positive, but there have been some concerns raised. This information is intended to let you know what to expect from SentinelOne, and what to do if you have questions or concerns regarding the product.

What's different between SentinelOne and Sophos?

SentinelOne doesn't provide end-user interaction with the agent. If users need to unquarantine a falsely flagged item, they will need to contact the ITS Support Center or their regular ITS support person for assistance. The necessary files will quickly be evaluated and removed from quarantine by the administrators of the SentinelOne console. In most cases, the removal of files from quarantine has fixed any seen issues, and in two cases, it took a bit more research to return functionality to a program.

How do I know if I have Sophos or SentinelOne on my computer?

One way to tell is the Sophos icon was replaced by the SentinelOne icon in the system tray for PCs and on the menu bar for Macs for all UCSC managed computers.

What should I do if I see a notice from SentinelOne of malicious malware activity?

There's really nothing you need to do. The ITS security team is automatically notified of any malicious malware activity on any UCSC managed computer and will take appropriate measures. You will be contacted if needed.

A program I use suddenly stopped working after installing SentinelOne. What should I do?

Contact the ITS Support Center or your local ITS staff by emailing help@ucsc.edu or opening a ticket at https://itrequest.ucsc.edu with the name of your system, the system IP address, and the program that has ceased working. Usually you will see a warning popup from SentinelOne, but if you are unsure of why a program may have stopped working, contact ITS for assistance.

I still have Sophos on my system. What should I do?

Please contact the ITS Support Center or your local ITS staff for assistance with removing Sophos and installing SentinelOne by emailing help@ucsc.edu or opening a ticket at https://itrequest.ucsc.edu. The UCSC Sophos AntiVirus contract has expired, and while the client will still provide some protection, it will no longer be updated and will become increasingly vulnerable.

How do I get SentinelOne?

SentinelOne was automatically installed on all UCSC managed computers. If you do not have a UCSC managed computer and need help installing SentinelOne, contact the ITS Support Center or your local ITS staff by emailing help@ucsc.edu or opening a ticket at https://itrequest.ucsc.edu.

If you wish to download and install the client yourself, you can get the Mac client here, and the Windows client here.

NOTE: If you are affiliated with BSOE, Humanities, or Social Sciences, please contact your divisional ITS staff, as a customized site client is used in those divisions.

How do I remove Sophos?

On the Mac, go to Applications and run Remove Sophos Endpoint

For Windows, it's a much more complex process, and it's strongly recommended that you contact the ITS Helpdesk or your local ITS support staff for assistance.

What are the requirements for using SentinelOne?

SentinelOne is licensed only for use on UCSC owned systems.

Mac OS must be OS X 10.10 or later. SentinelOne will not install or work on systems prior to OS X 10.10

Windows systems must be Windows 7 or later. If you are not running a supported OS version, please contact the ITS Helpdesk or your local ITS staff for assistance.

Is SentinelOne available for Linux?

SentinelOne does have a Linux client that offers fairly broad support. It is currently being evaluated to determine how best to make it available for general use.

I have other questions or concerns. Who should I contact?

If you have questions or concerns, please submit a SlugHub ticket at https://itrequest.ucsc.edu, or contact the ITS Support Center by email help@ucsc.edu or telephone 831-459-HELP(4357).