SentinelOne is advanced malware protection software, offered by the University for its employees, that protects computers from modern malicious threats. Unlike legacy antivirus software that relies on static lists of known threats, SentinelOne uses behavioral AI to identify and neutralize sophisticated attacks, such as zero-day malware or memory-based exploits, in real time. The system monitors apps and programs while they run so that malicious activity is stopped before it can compromise your data. The objective is to safeguard the university’s digital assets and ensure your systems and work are protected.
Who is Responsible for Installing SentinelOne?
SentinelOne is required to be installed on all UH-owned endpoints (desktops, laptops) and servers. SentinelOne can be installed onto Windows, macOS, and Linux (RHEL, Debian derivatives). To install SentinelOne, please reach out to your departmental IT specialist for assistance. If you do not have a departmental IT specialist, please reach out to UH InfoSec at infosec@hawaii.edu.
If you are a UH IT Specialist
Please visit the SentinelOne Management Basics Page for information on requesting a SentinelOne site, management of SentinelOne, installing agents, and requesting exclusions.
Frequently Asked Questions (FAQ)
No. As an Endpoint Detection and Response (EDR) platform, SentinelOne is designed to identify and neutralize active cyber threats at the device level. SentinelOne monitors how applications interact with the operating system to spot malicious activity. It does not inspect the content of your personal documents, emails, or private communications. As a reminder, as stated in existing policy (EP 2.210, Section III.E.), the University owns the computers and networks that comprise the institutional information technology infrastructure. The electronic allocation of file space to a user does not assign legal ownership of the content. Rather, it is the granting of permission to use these institutional facilities subject to the policies and regulations of the University and applicable statutes.
SentinelOne does not log your browsing habits for the purpose of tracking behavior. It compares active network connections against a global database of known malicious command-and-control servers to prevent “phishing” and “drive-by” malware infections. It is looking for connections to known malicious servers.
SentinelOne is a lightweight agent designed for minimal resource impact. SentinelOne monitors system activity in the background using minimal CPU and memory. It performs a full disk scan only once, upon installation, which may result in a performance degradation. This initial scan is necessary to ensure that any existing malware is identified and eradicated.
IT administrators only receive alerts when a specific threat is detected. These alerts include technical metadata—such as the name of the malicious process, the file path involved, and the system actions taken—to help investigate and remediate the threat. We do not have access to your screen, camera, or keystrokes.
Traditional security tools are increasingly ineffective against modern attack methods such as “fileless” attacks and polymorphic malware. A “fileless” attack is one where the malicious program exists only in your computer’s memory, which is erased when you shut down or restart your computer. It has already done its damage (stealing credentials and data) and usually leaves behind vulnerabilities that the attacker can use in the future. Polymorphic malware is malicious software that changes itself to avoid detection. By moving to AI-driven advanced malware protection software like SentinelOne, the university can proactively protect against modern attacks such as ransomware, ensuring your work remains secure and available.
SentinelOne monitors and tracks process creation and the behaviors of applications. It watches for actions that replicate malicious behavior and alerts on suspicious or malicious behavior, instead of just checking static databases of file hashes.