SentinalOne is pulling out SyncroLive.Service.Runner.exe; sees as ransomware attack; so far has done it on 3 separate machines, out of 295 machines with SentinalOne installed. Most of the rip outs have occurred weeks after install of SentinalOne.
You’d need to take that up with S1 not Syncro. Since it’s only on select machines maybe you’re running a specific scripts that it doesn’t like?