Thermo Fisher Scientific

Communication blocked by SentinelOne

Issue

SentinelOne is a cybersecurity platform designed to provide endpoint protection, detection, and response.  It uses artificial intelligence and machine learning to detect and mitigate cyber threats in real-time.  In some systems, SentinelOne has interfered with TCP/UDP and USB communications.

In the case of TCP/UDP disruption, SentinelOne is likely blocking port traffic, acting as a firewall.  The symptom is that a mass spectrometer will not communicate with its Tune application (ICSW).

In the case of USB disruption, SentinelOne is reported to be able to replace the USB device's driver.  For a Chromeleon based system, communication between the IPC and the hardware may not be possible, or it may be possible only intermittently.  The primary symptom is an inability to Connect to the hardware in the Chromeleon Console.

Environment

SentinelOne is not provided with the instrument's PC.  The default anti-malware software is Microsoft Defender.  SentinelOne has been found to obstruct communications with a TNG Exploris and an ICS-6000 system.

Resolution

To restore communication, the customer must have their IT department uninstall, suspend, or reconfigure SentinelOne.  There are two reasons for this.  First, this software is not supported for use with the Thermo Scientific hardware fleet.  Second, fully disabling SentinelOne requires a Windows Administrator who knows the SentinelOne administrator password.

Analysis

Generally, when anti-malware is blocking TCP/UDP ports, the TNG Console windows will show "Connected" in the title bar if the hardware is operational.

SentinelOne can interfere with TCP/UDP communication.  To troubleshoot, ping the network addresses using the command line.  Default IP addresses can be found in this KB article.  If the Console shows Connected but the ping is unsuccessful, first verify the TNG Manager Service is running, and then disable SentinelOne and/or the configured system firewall (a reboot is mandatory).  If communication is restored, the customer must reconfigure their anti-malware strategy.

SentinelOne has interfered with USB communications in Chromeleon controlled systems.  It replaced the Chromeleon hardware device driver with its own.  Check the driver assignment in Chromatography Devices in the Windows Device Manager.  Disable SentinelOne and uninstall/reinstall the affected Chromatography devices.  Disconnect the USB hardware from the PC and reboot.  Reconnect the USB hardware and verify the correct driver is applied.
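
The checks described in the Analysis section can be collected in one pass before anything is disabled, so IT has a record of the ping result, the service state, and the USB driver assignments.  The PowerShell below is an added example, not Thermo Fisher or SentinelOne code.  The IP address is a placeholder for the defaults in the referenced KB article, and the service display-name filter is an assumption.

```powershell
# Added example. Values marked PLACEHOLDER or ASSUMPTION are not from the article.
$InstrumentIPs = @('192.0.2.10')   # PLACEHOLDER: replace with the default addresses from the KB article
$ServiceFilter = '*TNG*'           # ASSUMPTION: the service display name contains "TNG"

function Test-InstrumentNetwork {
    param([string[]]$Addresses)
    # Same check as pinging from the command line, returned as objects.
    foreach ($ip in $Addresses) {
        [pscustomobject]@{
            Address = $ip
            PingOk  = Test-Connection -ComputerName $ip -Count 2 -Quiet
        }
    }
}

function Get-InstrumentService {
    param([string]$DisplayNameFilter)
    $found = Get-Service -DisplayName $DisplayNameFilter -ErrorAction SilentlyContinue
    if (-not $found) {
        Write-Warning "No service display name matches '$DisplayNameFilter'"
        return
    }
    $found | Select-Object DisplayName, Name, Status, StartType
}

function Get-UsbDriverAssignment {
    # Lists the driver bound to every USB-enumerated device. Compare
    # DriverProviderName and InfName with what Device Manager shows
    # under Chromatography Devices.
    Get-CimInstance -ClassName Win32_PnPSignedDriver |
        Where-Object { $_.DeviceID -like 'USB\*' } |
        Select-Object DeviceName, DeviceClass, DriverProviderName, DriverVersion, InfName |
        Sort-Object DeviceClass, DeviceName
}

$net = Test-InstrumentNetwork -Addresses $InstrumentIPs
$svc = Get-InstrumentService -DisplayNameFilter $ServiceFilter
$usb = Get-UsbDriverAssignment

$net | Format-Table -AutoSize
$svc | Format-Table -AutoSize
$usb | Format-Table -AutoSize

# Article's triage rule: service running but ping fails -> suspect port blocking.
$running = $svc -and ($svc.Status -contains 'Running')
foreach ($r in $net | Where-Object { -not $_.PingOk }) {
    if ($running) { Write-Warning "$($r.Address): service is running but ping failed; review anti-malware and firewall policy." }
    else          { Write-Warning "$($r.Address): ping failed and the service is not running; start the service first." }
}
```

Run it from an elevated PowerShell prompt on the instrument PC, and run it again after the driver reinstall to confirm the driver provider has changed back.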