Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Create a Support Ticket
  • Partner Portal
  • Cyrisma MSP Dashboard
  • Home
  • General Questions and Troubleshooting
  • Agent Troubleshooting

Resolving CYRISMA Agent Issues with SentinelOne Security

Are you experiencing scanning issues with the CYRISMA Agent while using SentinelOne security? Many organizations have encountered this problem due to SentinelOne blocking PowerShell, which prevents the CYRISMA Agent from performing critical scanning tasks. Luckily, this issue can be resolved with a simple update or policy change.

Written by Liam Downward

Updated at November 27th, 2024

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • User Manual
    Overall Risk Dashboard Agent Status Report Builder Data Scan Vulnerability Scan Secure Baseline Compliance Mitigation Dark Web MSP Interface Instance Admin
  • Self Onboarding Guide
  • Agents
  • The Cyber Risk Assessment Process
  • PSA Integrations
  • General Questions and Troubleshooting
    Agent Troubleshooting Scanning Troubleshooting
  • The Cyber Risk Assessment Process (Video Tutorials)
  • Sales and Prospecting Articles
  • CYRISMA Partner Portal Access
  • Glossary
  • API Documents
  • CYRISMA Change Log
  • Support Ticket SLA
  • Billing Questions
+ More

Table of Contents

How to Identify if You Are Affected Resolution Steps 1. Update SentinelOne 2. Apply a Policy Override (Optional) 3. Restart the CYRISMA Agent Service Conclusion

How to Identify if You Are Affected

To determine if your CYRISMA Agent is impacted, check the CYRISMA Agent log for the following error:

jsaf.provider.windows.powershell.PowershellException: Cannot find a variable with the name 'AmsiContext'.Cannot find a variable with the name 'AmsiInitFailed'.

If this error appears, it indicates that SentinelOne is blocking PowerShell, which is causing the CYRISMA Agent scan failures.


Resolution Steps

To resolve this issue, you can either update your SentinelOne version or apply a temporary policy override.

1. Update SentinelOne

The easiest fix is to update SentinelOne to version 21.7.4 or later. This update resolves the issue where SentinelOne blocks PowerShell, allowing the CYRISMA Agent to function properly.

2. Apply a Policy Override (Optional)

If you’re unable to update SentinelOne right away, you can apply a policy override to disable PowerShell protection temporarily. To do this, use the following policy override within SentinelOne:

{  "powershellProtection": false }

3. Restart the CYRISMA Agent Service

After updating SentinelOne or applying the policy override, ensure that all SentinelOne agents have received the new version or policy update. Once confirmed, restart the CYRISMA Agent Service to allow it to resume scanning.


Conclusion

Once the SentinelOne update or policy override is applied and the CYRISMA Agent Service is restarted, scanning should resume without further issues. Your CYRISMA Agent should now function normally.

sentinelone agent resolving sentinelone update policy

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • CYRISMA Glossary
  • Deploying the CYRISMA Agent on Chromebooks: Setup Guide and Instructions
  • How to Scan a Linux/NAS Device Using CYRISMA Windows Agent
  • How to Install the CYRISMA Agent for Linux (Debian-based Kernel)
Expand