Description

Windows Agent is starting in AgentMode mode. Agent version ProductVersion, running on Windows WindowsVersion.

Message #

Windows Agent is starting in %3 mode. Agent version %1, running on Windows %2.

Fields #

Description

Policy was changed in the Console.

Message #

Policy was changed in the Console:



%1

Description

Policy was changed with override commands.

Message #

Policy was changed with override commands:



%1

Description

Failed to register with management because it no longer exists. Not retrying.

Message #

Failed to register with management because it no longer exists. Not retrying.

Fields #

Description

Failed to register with management: Reason (ErrorCode). Retrying in RetrySeconds seconds.

Message #

Failed to register with management: %1 (%2). Retrying in %3 seconds.

Fields #

Description

Threat remediation: Failed to delete file FilePath because it was already deleted.

Message #

Threat remediation: Failed to delete file %1 because it was already deleted.

Fields #

Description

Threat remediation: Failed to delete file FilePath.

Message #

Threat remediation: Failed to delete file %1.

Error: %2

Fields #

Description

Threat remediation: Failed to rename file SourceFilePath to DestinationFilePath because the file was deleted.

Message #

Threat remediation: Failed to rename file %1 to %2 because the file was deleted.

Fields #

Description

Threat remediation: Failed to rename file SourceFilePath to DestinationFilePath because the file's parent directory does not exist.

Message #

Threat remediation: Failed to rename file %1 to %2 because the file's parent directory does not exist.

Fields #

Description

Threat remediation: Failed to rename file SourceFilePath to DestinationFilePath because the destination path already exists.

Message #

Threat remediation: Failed to rename file %1 to %2 because the destination path already exists.

Fields #

Description

Threat remediation: Failed to rename file SourceFilePath to DestinationFilePath.

Message #

Threat remediation: Failed to rename file %1 to %2.

Error: %3

Fields #

Description

Threat remediation: Failed to restore file FilePath to timestamp DesiredTimestamp because no snapshots were found up to the desired period.

Message #

Threat remediation: Failed to restore file %1 to timestamp %2 because no snapshots were found up to the desired period.

Fields #

Description

Threat remediation: Failed to restore file FilePath to timestamp DesiredTimestamp because it is being used by another process.

Message #

Threat remediation: Failed to restore file %1 to timestamp %2 because it is being used by another process.

Fields #

Description

Threat remediation: Failed to restore file FilePath to timestamp DesiredTimestamp because access was denied.

Message #

Threat remediation: Failed to restore file %1 to timestamp %2 because access was denied.

Fields #

Description

Threat remediation: Failed to restore registry value (key: RegistryKeyPath, value: Value) because it does not exist.

Message #

Threat remediation: Failed to restore registry value (key: %1, value: %2) because it does not exist.

Fields #

Description

Threat mitigation: Failed to kill malicious processes because the true context does not exist.

Message #

Threat mitigation: Failed to kill malicious processes because the true context does not exist.

Description

Threat mitigation completion after reboot requested another reboot.

Message #

Threat mitigation completion after reboot requested another reboot.

True Context ID: %1, Mitigation action: %2

Fields #

Description

Threat mitigation: Not killing process ProcessName (Path: ProcessPath, Process ID: ProcessID) due to relation Relation.

Message #

Threat mitigation: Not killing process %1 (Path: %2, Process ID: %3) due to relation %4.

Fields #

Description

Threat mitigation: Cannot kill process ProcessName (Path: ProcessPath, Process ID: ProcessID) because it is a core OS process.

Message #

Threat mitigation: Cannot kill process %1 (Path: %2, Process ID: %3) because it is a core OS process.

Fields #

Description

Threat mitigation: Cannot kill process ProcessName (Path: ProcessPath, Process ID: ProcessID) because it is signed by SentinelOne.

Message #

Threat mitigation: Cannot kill process %1 (Path: %2, Process ID: %3) because it is signed by SentinelOne.

Fields #

Description

Threat mitigation: Cannot kill process ProcessName (Path: ProcessPath, Process ID: ProcessID) due to an unknown error.

Message #

Threat mitigation: Cannot kill process %1 (Path: %2, Process ID: %3) due to an unknown error.

Fields #

Description

Threat mitigation: Cannot kill threads of process ProcessName (Path: ProcessPath, Process ID: ProcessID) due to an unknown error.

Message #

Threat mitigation: Cannot kill threads of process %1 (Path: %2, Process ID: %3) due to an unknown error.

Fields #

Description

Threat mitigation: Failed to quarantine file FilePath because the file is remote.

Message #

Threat mitigation: Failed to quarantine file %1 because the file is remote.

Fields #

Description

Threat mitigation: Failed to quarantine file FilePath because the file belongs to a core OS process.

Message #

Threat mitigation: Failed to quarantine file %1 because the file belongs to a core OS process.

Fields #

Description

Threat mitigation: Failed to scramble file FilePath.

Message #

Threat mitigation: Failed to scramble file %1.

Error: %2

Fields #

Description

Threat mitigation: skipping quarantine of file FilePath because the file was already quarantined by another threat mitigation.

Message #

Threat mitigation: skipping quarantine of file %1 because the file was already quarantined by another threat mitigation.

Fields #

Description

Threat mitigation: Failed to quarantine file FilePath because the file does not exist.

Message #

Threat mitigation: Failed to quarantine file %1 because the file does not exist.

Fields #

Description

Threat mitigation: A reboot is required to complete the quarantine of file FilePath.

Message #

Threat mitigation: A reboot is required to complete the quarantine of file %1.

Fields #

Description

Threat mitigation: Failed to quarantine a file.

Message #

Threat mitigation: Failed to quarantine a file.

Error: %1

Fields #

Description

Network quarantine failed.

Message #

Network quarantine failed.

Error: %1

Fields #

Description

Malware detected!

Message #

Malware detected!



True Context ID: %1

Name: %2

Path: %3

Detection engine: %4

Fields #

Description

Mitigation report.

Message #

Mitigation report



True Context ID: %1

Action: %2

Result: %3

Fields #

Description

Failed to unquarantine file FilePath because the file cannot be found.

Message #

Failed to unquarantine file %1 because the file cannot be found

Fields #

Description

Unquarantine: Failed to restore file times for FilePath.

Message #

Unquarantine: Failed to restore file times for %1.

Error: %2

Fields #

Description

Failed to unquarantine files affected by threat of True Context ID TrueContextID.

Message #

Failed to unquarantine files affected by threat of True Context ID %1.

Error: %2

Fields #

Description

Network unquarantine failed.

Message #

Network unquarantine failed.

Error: %1

Fields #

Description

Policy not changed. Verification key not provided. Get the Agent passphrase and enter it with the -k flag.

Message #

Policy not changed. Verification key not provided. Get the Agent passphrase and enter it with the -k flag.

Description

Policy not changed. The provided verification key is incorrect.

Message #

Policy not changed. The provided verification key is incorrect.

Description

Policy not changed. A parameter cannot be both set and undefined.

Message #

Policy not changed. A parameter cannot be both set and undefined.

Description

Policy not changed. Parameter was not provided.

Message #

Policy not changed. Parameter was not provided.

Description

Policy not changed. The value Value is not valid for Parameter: invalid URL.

Message #

Policy not changed. The value %2 is not valid for %1: invalid URL.

Fields #

Description

Policy not changed. The value Value is not valid. Remove the slash from the end of the URL.

Message #

Policy not changed. The value %2 is not valid. Remove the slash from the end of the URL.

Fields #

Description

Policy not changed. The provided proxy credentials are invalid.

Message #

Policy not changed. The provided proxy credentials are invalid.

Fields #

Description

Policy not changed. Failed to write value Parameter for UI Language due to error: Value.

Message #

Policy not changed. Failed to write value %1 for UI Language due to error: %2

Fields #

Description

Policy not changed. Invalid UI configuration property Parameter.

Message #

Policy not changed. Invalid UI configuration property %1.

Fields #

Description

Policy not changed. Invalid engine status Value.

Message #

Policy not changed. Invalid engine status %2.

Engine status must be one of: "off", "suppressed", "disable", "local".

Fields #

Description

Policy not changed. Invalid parameter Parameter: Error.

Message #

Policy not changed. Invalid parameter %1: %2.

Fields #

Description

Policy not changed.

Message #

Policy not changed.

Error: %3.

Parameter: %1

Invalid given value: %2

Fields #

Description

Policy not changed. Cannot undefine parameter Parameter.

Message #

Policy not changed. Cannot undefine parameter %1.

Fields #

Description

Cannot scan Path because the path does not exist.

Message #

Cannot scan %1 because the path does not exist.

Fields #

Description

Cannot scan Path because it is not a folder.

Message #

Cannot scan %1 because it is not a folder.

Fields #

Description

Scan not started because a previous scan is still in progress.

Message #

Scan not started because a previous scan is still in progress.

Description

Cannot scan because Sentinel Agent is not running. Load the Agent and try again.

Message #

Cannot scan because Sentinel Agent is not running. Load the Agent and try again.

Description

Scan aborted.

Message #

Scan aborted.

Description

Full Disk Scan started.

Message #

Full Disk Scan started.

Description

Scan of Path started.

Message #

Scan of %1 started.

Fields #

Description

Scan completed successfully.

Message #

Scan completed successfully.

Description

Failed to execute command Command.

Message #

Failed to execute command %1.

Error: %2

Fields #

Description

Remote Shell: Error.

Message #

Remote Shell: %1

Fields #

Description

Agent Upgrade: BITS job created for downloading the new Agent.

Message #

Agent Upgrade: BITS job created for downloading the new Agent.

Job title: %1

GUID: %2

Destination: %3

Fields #

Description

Agent Upgrade: BITS download job complete. Executing installation.

Message #

Agent Upgrade: BITS download job complete. Executing installation.

Job title: %1

GUID: %2

Destination: %3

Fields #

Description

Agent Upgrade: BITS download job failed.

Message #

Agent Upgrade: BITS download job failed.

Error: %1 (%2)

Job title: %3

GUID: %4

Fields #

Description

Agent Upgrade: BITS download job failed. Falling back to the classic downloader.

Message #

Agent Upgrade: BITS download job failed. Falling back to the classic downloader.

Error: %1 (%2)

Job title: %3

GUID: %4

Fields #

Description

Agent Upgrade: BITS is unavailable. Falling back to the classic downloader.

Message #

Agent Upgrade: BITS is unavailable. Falling back to the classic downloader.

Description

Agent handled the creation of process Name (PID: PID).

Message #

Agent handled the creation of process %1 (PID: %2).

Fields #

Description

DB pruning Result.

Message #

DB pruning %1.

Size before: %2

Size after: %3

New DB GUID: %4

Old DB path: %5

New DB path: %6

Fields #

Description

Customer ID: customerID.

Message #

Customer ID: %1

Fields #

Description

Mark as Status on True Context ID TrueContextID received from Deep Visibility.

Message #

Mark as %2 on True Context ID %1 received from Deep Visibility

Fields #

Description

Failed to Mark True Context ID TrueContextID as Status.

Message #

Failed to Mark True Context ID %1 as %2.

Error: True Context ID was not found on the Agent

Fields #

Description

Failed to Mark as Status: True Context ID TrueContextID.

Message #

Failed to Mark as %2: True Context ID %1.

Error: Already marked

Fields #

Description

True Context ID TrueContextID was changed from suspicious to threat.

Message #

True Context ID %1 was changed from suspicious to threat

Fields #

Description

Failed to Mark as Status: True Context ID TrueContextID.

Message #

Failed to Mark as %2: True Context ID %1.

Error: Marked as Exclusion

Fields #

Description

Failed to Mark as Suspicious True Context ID TrueContextID.

Message #

Failed to Mark as Suspicious True Context ID %1.

Error: Already marked as Threat

Fields #

Description

Failed to Mark as Status True Context ID TrueContextID.

Message #

Failed to Mark as %2 True Context ID %1.

Error: Status is invalid

Fields #

Description

Agent handled the termination of process Name (PID: PID).

Message #

Agent handled the termination of process %1 (PID: %2).

Fields #

Description

Agent encountered invalid pattern: Pattern.

Message #

Agent encountered invalid pattern: %1.

Fields #

Description

USB device DeviceName was Action based on SentinelOne Device Control policy.

Message #

USB device %1 was %2 based on SentinelOne Device Control policy



Class: %3

Interface: USB

Vendor ID: %4

Product ID: %5

Serial ID: %6

Device Name: %1

Fields #

Description

Bluetooth device DeviceName was Action based on SentinelOne Device Control policy.

Message #

Bluetooth device %1 was %2 based on SentinelOne Device Control policy



Class: %3

Minor Class: %4

Interface: Bluetooth

Vendor ID: %5

Product ID: %6

Manufacturer Name: %7

Bluetooth Address: %8

Device Name: %1

Bluetooth Version: %9

GATT Service: %10

Device Information: %11

Fields #

Description

Interface device DeviceName was Action based on SentinelOne Device Control policy.

Message #

%1 device %2 was %3 based on SentinelOne Device Control policy



%4

Fields #

Description

The agent encountered an error that is usually ignored, but shouldn't be ignored in automation: Message.

Message #

The agent encountered an error that is usually ignored, but shouldn't be ignored in automation: %1

Fields #

Description

Scan ended.

Message #

Scan ended.

Scan start time: %1

Scan end time: %2

Scanned %3

Scan triggered by: %4

Total files scanned: %5

Malicious files count: %6

Excluded malicious files count: %7

Scan status: %8

Fields #

Description

BlueKeep exploitation attempt detected from: IP.

Message #

BlueKeep exploitation attempt detected from: %1

Fields #

Description

Resizing the VSS diff area on VolumeName was blocked.

Message #

Resizing the VSS diff area on %2 was blocked.

The existing diff area has %3 used bytes and %4 allocated bytes.

The requested new diff area maximum was %5 bytes.

Fields #

Description

Blocked PacketDirection connection. Rule Id: RuleId Rule Name: RuleName PID: ProcessId Remote Address: RemoteAddress:Port, FQDN: Fqdn.

Message #

Blocked %5 connection. Rule Id: %9 Rule Name: %10 PID: %3 Remote Address: %1:%2, FQDN: %8.

Application Name :%4.

Fields #

Description

Unable to handle configuration change, dropping the configuration.

Message #

Unable to handle configuration change, dropping the configuration

Description

UI storage reached maximum allowed file size.

Message #

UI storage reached maximum allowed file size

Description

UI storage read error ErrorCode "ErrorMessage".

Message #

UI storage read error %2 "%1"

Fields #

Description

UI storage write error ErrorCode "ErrorMessage".

Message #

UI storage write error %2 "%1"

Fields #

Description

UI storage is corrupted and will be deleted.

Message #

UI storage is corrupted and will be deleted.

Description

Error deleting corrupted UI storage.

Message #

Error deleting corrupted UI storage.

Description

Remote script orchestrator: script ScriptName execution completed. Start time: StartTime, duration: Duration milliseconds, exit status: ExitCode.

Message #

Remote script orchestrator: script %1 execution completed. Start time: %2, duration: %3 milliseconds, exit status: %4.

Fields #

Description

File FilePath was detected as a malicious driver when attempting to load it (Malicious Driver Type: MaliciousDriverType).

Message #

File %1 was detected as a malicious driver when attempting to load it (Malicious Driver Type: %2)

Fields #

Description

SentinelCTL command of type "CommandType" was executed - result was: Result.

Message #

SentinelCTL command of type "%1" was executed - result was: %2.

Fields #

Description

Anti-tampering was activated.

Message #

Anti-tampering was activated.

Description

Anti-tampering was deactivated.

Message #

Anti-tampering was deactivated.

Description

Agent upgrade was initiated. (OldVersion -> NewVersion).

Message #

Agent upgrade was initiated. (%1 -> %2)

Fields #

Description

Windows Agent is shutting down.

Message #

Windows Agent is shutting down.

Description

Sentinel process has crashed. Dump file path: "DumpPath".

Message #

Sentinel process has crashed. Dump file path: "%1".

Fields #

Description

Dump file was deleted, as dump limit of DumpFileLimit was reached. Dump file path: "DumpPath".

Message #

Dump file was deleted, as dump limit of %1 was reached. Dump file path: "%2".

Fields #

Description

The agent has successfully connected to the SentinelOne console (ConsoleURL).

Message #

The agent has successfully connected to the SentinelOne console (%1).

Fields #

Description

The agent received a "CommandType" command from console.

Message #

The agent received a "%1" command from console

Fields #

Description

Entering disable mode by command.

Message #

Entering disable mode by command.

Description

Exiting disable mode.

Message #

Exiting disable mode.

Message #

%1

Fields #