I use SentinelOne for AV with firewall control enabled. I’m noticing I have quite a few assets (19) reporting that the firewall is disabled every day, while assets within the same clients are reporting no problems.
I could disable the firewall alert but that seems like a bad idea.
I had a look at this and I see that, historically, the installed AV will turn Windows Defender off. I had a look at one of your assets and the logs are showing that the Windows Firewall is disabled:
03 Mar 00:13:19 INF v1.0.148 [1**.***.***]: SyncEngine: SmallSync: Checking Firewall Status 2
03 Mar 00:13:19 INF v1.0.148 [1**.***.***]: SyncEngine: SmallSync:
The Domain firewall profile is turned on: False
The Private firewall profile is turned on: False
The Public firewall profile is turned on: False
It looks like when the Sentinel firewall is enabled it automatically disables the Windows Firewall.
We are sending an alert because we aren’t recognizing the Sentinel firewall in the firewall check. I would like to surface this issue with our development team. Can you send over a screenshot showing the Sentinel Firewall active from one of the machines producing the alerts? After receiving it I will put all the information together and submit a report to the dev team.
Please send us the details by creating a Support ticket.
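A local check for the situation discussed in this thread, as an added example that is not part of the original posts or any vendor's tooling: it reads the three Windows Firewall profile states and lists firewall products registered with Windows Security Center, so "Windows Firewall off, third-party firewall present" can be told apart from "no firewall at all". It assumes the third-party firewall registers itself with Security Center (the thread does not say whether it does) and that the host is a Windows client edition, where the `root/SecurityCenter2` namespace exists.

```powershell
# Added example: run in an elevated PowerShell session on an affected asset.

# Effective state of the Domain, Private and Public Windows Firewall profiles.
$profiles = Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled

# Firewall products registered with Windows Security Center.
# Assumption: the third-party firewall registers here; not all products do,
# and the namespace is absent on Windows Server editions.
try {
    $products = @(Get-CimInstance -Namespace 'root/SecurityCenter2' `
                                  -ClassName FirewallProduct -ErrorAction Stop |
        Select-Object displayName, productState, pathToSignedProductExe)
} catch {
    Write-Warning "Security Center query failed: $($_.Exception.Message)"
    $products = @()
}

$enabledProfiles = @($profiles | Where-Object { $_.Enabled -eq 'True' })

# Classify the host so an "all profiles off" result is not read in isolation.
if ($enabledProfiles.Count -gt 0) {
    $verdict = 'Windows Firewall active on: ' +
               (($enabledProfiles | ForEach-Object Name) -join ', ')
} elseif ($products.Count -gt 0) {
    $verdict = 'Windows Firewall off; third-party firewall registered ' +
               '(confirm its state in the vendor console)'
} else {
    $verdict = 'Windows Firewall off and no registered firewall product found'
}

[pscustomobject]@{
    ComputerName       = $env:COMPUTERNAME
    DomainEnabled      = ($profiles | Where-Object Name -eq 'Domain').Enabled
    PrivateEnabled     = ($profiles | Where-Object Name -eq 'Private').Enabled
    PublicEnabled      = ($profiles | Where-Object Name -eq 'Public').Enabled
    RegisteredProducts = ($products | ForEach-Object displayName) -join '; '
    Verdict            = $verdict
}
```

The last verdict is the one that warrants follow-up: it means neither the built-in firewall nor a registered replacement was found by this check.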