[smartmontools-support] SentinelOne kills the script
Christian Franke
Christian.Franke at t-online.de
Sun May 25 12:15:20 CEST 2025
Hello,

Oleksandr Onishchenko via Smartmontools-support wrote:
> Hello everyone!
>
> We wanted to install smartmontools on our server and it was killed by
> SentinelOne Antivirus software:
>
> [Screenshot showing that "drivedb.h update*.lnk" are blocked]
>

The screenshot suggests that the AV blocks the creation of shortcuts
which contain "powershell ... -ExecutionPolicy ..." regardless of the
command or script which would be run.

Note that according to VirusTotal, there are no malware detections
(including SentinelOne) for the (signed!) smartmontools 7.5 installer
and the included powershell script:
https://www.virustotal.com/gui/file/896337fcc253220614cf8cdbd5cf2321c5aa326a37a04160a672a281e6104c70
https://www.virustotal.com/gui/file/955b1110c9a7397adab19afbcadc20c5dae09669a4a368305cb3f8fc98b7dc49
Even the usual noise of false positives is not present.

> I tried to install smartmontools with choco and from original .exe
> file. The result was the same.

If your system blocks powershell in general, even choco won't work.

Please also note that choco's current "chocolateyInstall.ps1" script
still downloads the 3+ year old smartmontools-7.3 from sourceforge.

>
> Can you please help and give some feedback?

If possible, please report this as a false positive to Sentinel support
and tell us their reply.

Workarounds:
- Disable the related rule in the AV for the smartmontools shortcut
  install directory, or
- install with "Start Menu Shortcuts" disabled, or
- unpack the installer with 7-zip and install the files manually.

Hope this helps.

--
Regards,
Christian
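
The following PowerShell script is an added example, not part of the original message and not smartmontools code. It collects what a false-positive report would need: the installer's SHA-256 compared with the two VirusTotal hashes linked above, its Authenticode status, and the command line of every Start Menu shortcut that launches PowerShell. The installer path and the shortcut directory are assumptions to adjust; the function names are hypothetical.

```powershell
# Added example. Both default paths are assumptions, adjust them to your system.
param(
    [string]$Installer   = 'C:\Temp\smartmontools-setup.exe',   # placeholder path
    [string]$ShortcutDir = "$env:ProgramData\Microsoft\Windows\Start Menu\Programs"
)

# SHA-256 values taken from the two VirusTotal URLs in the message above.
$knownHashes = @(
    '896337fcc253220614cf8cdbd5cf2321c5aa326a37a04160a672a281e6104c70',
    '955b1110c9a7397adab19afbcadc20c5dae09669a4a368305cb3f8fc98b7dc49'
)

# Hash and signature of the file that was actually downloaded.
function Get-InstallerEvidence([string]$Path) {
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        File       = $Path
        Sha256     = $hash
        HashOnPage = $knownHashes -contains $hash   # matches one of the linked reports
        SigStatus  = $sig.Status                    # 'Valid' for an intact signed file
        Signer     = $sig.SignerCertificate.Subject
    }
}

# List shortcuts whose command line starts PowerShell, and whether they
# pass -ExecutionPolicy (the pattern the AV rule appears to match).
function Get-PowerShellShortcut([string]$Dir) {
    $shell = New-Object -ComObject WScript.Shell
    Get-ChildItem -LiteralPath $Dir -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)   # reads the .lnk; nothing is saved
            $cmd = "$($lnk.TargetPath) $($lnk.Arguments)"
            if ($cmd -match 'powershell|pwsh') {
                [pscustomobject]@{
                    Shortcut           = $_.FullName
                    Target             = $lnk.TargetPath
                    Arguments          = $lnk.Arguments
                    HasExecutionPolicy = $lnk.Arguments -match '-ExecutionPolicy'
                }
            }
        }
}

if (Test-Path -LiteralPath $Installer) { Get-InstallerEvidence $Installer | Format-List }
Get-PowerShellShortcut $ShortcutDir | Format-List
```

Run the shortcut listing on a machine where the installation completed, since on the affected server the shortcuts were never created.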