How about Capture Client?
Did some investigation on Capture Client. Had a look at the documentation, only to find it's lacking. A search for 'capture client' lists only 11 documents - but there's no Administrator's guide. The closest thing is the 'Getting started guide'.
I wonder if, in a Windows environment, it replaces Windows Defender or does it work alongside?
Also, I don't see it listed in any anti-malware comparison overview, so I wonder how good it is?
Best Answer
BWC Cybersecurity Overlord ✭✭✭
@Simon_Weel if you google for Capture Client Admin Guide this is the first thing that comes up:
Capture Client uses SentinelOne as the underlying product and just adds some bells and whistles to it. Sometimes it lags behind the SentinelOne release schedule, which can cause trouble, for example related to OS updates.
An excerpt from the SentinelOne Knowledge Base about Windows Defender:
What is the behavior when a SentinelOne Agent is installed with Windows Defender?
On Windows Servers, Microsoft Defender Antivirus will not enter passive or disabled mode if you have SentinelOne installed. We recommend that you uninstall Microsoft Defender Antivirus on Windows Servers to prevent interoperability issues.
Windows Servers do not have Windows Security Center (WSC). As part of the SentinelOne participation agreement in the Microsoft Virus Initiative program, SentinelOne is only allowed to disable Microsoft Defender Antivirus through WSC.
Example of an interoperability issue: If both SentinelOne and Windows Defender (or a different antivirus) are installed, a quarantine action can fail with this message:
The operation could not be completed because the file contains a virus or potentially unwanted software.
(Seen on Windows Server 2019 Essentials.) If you see this or a similar error, disable or uninstall Defender or the third-party antivirus.
See Microsoft's article, Microsoft Defender Antivirus on Windows Server, for guidance.
On Windows 10 and 11, when the Agent registers to the Windows Security Center, SentinelOne becomes the primary Virus and Threat protection, instead of Windows Defender, unless a Policy Override change is made to allow Defender.
See How to Have the Agent and Windows Defender Run Concurrently on Windows for details.
From the Windows 10 version 1607 (Anniversary Update), when the SentinelOne Agent registers in the Windows Defender Security Center, Windows Defender will become disabled, but not immediately.
In Windows 10 versions before 1607, the SentinelOne Agent does not disable Windows Defender.
In all Windows versions, it is expected that Windows Defender can still run scans and update signatures in the background. This is called limited periodic scanning, and is a type of threat detection and remediation that is active when you have another antivirus product installed on a Windows 10 device.
Note: Windows Defender behavior is controlled by the Windows Operating System, not by the SentinelOne Agent. When the SentinelOne Agent registers with Windows Security Center (WSC), the Operating System determines whether Windows Defender is disabled, based on its configuration. The default behavior is for Windows to disable Windows Defender when another Antivirus product is registered with WSC, but some computers may have a Group Policy Object (GPO) or other configuration that prevents Windows Defender from being disabled. Paid versions of Windows Defender, like Defender Advanced Threat Protection, will not automatically disable unless specifically configured to do so by the Administrator.
—Michael@BWC
0
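To check on a given endpoint which of the states described in the excerpt above actually applies, the following read-only PowerShell sketch lists the antivirus products registered with Windows Security Center and reports Defender's running mode. It is an added example, not part of the original posts and not SonicWall or SentinelOne code; the function names are hypothetical, and the `productState` decoding is an assumption based on the commonly used reading of that undocumented field.

```powershell
# Added example: report which antivirus products Windows sees and what mode Defender is in.
# Read-only; run in an elevated PowerShell session on the endpoint being checked.

function Get-RegisteredAntivirus {
    # root/SecurityCenter2 is the WSC namespace; it exists on Windows 10/11 but not on Windows Server.
    try {
        Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction Stop |
            ForEach-Object {
                # Assumption: productState layout is not documented by Microsoft. The widely used
                # reading is that bit 0x1000 set means the product reports itself as enabled.
                [pscustomobject]@{
                    Product  = $_.displayName
                    StateHex = '0x{0:X6}' -f $_.productState
                    Enabled  = [bool]($_.productState -band 0x1000)
                }
            }
    } catch {
        Write-Warning 'No Windows Security Center namespace (expected on Windows Server).'
    }
}

function Get-DefenderMode {
    # Get-MpComputerStatus ships with the Defender module; it is missing if Defender was uninstalled.
    if (-not (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)) {
        return 'Defender cmdlets not present'
    }
    try {
        $s = Get-MpComputerStatus -ErrorAction Stop
        [pscustomobject]@{
            RunningMode        = $s.AMRunningMode   # e.g. Normal or Passive Mode
            AntivirusEnabled   = $s.AntivirusEnabled
            RealTimeProtection = $s.RealTimeProtectionEnabled
        }
    } catch {
        "Defender status unavailable: $($_.Exception.Message)"
    }
}

$registered = @(Get-RegisteredAntivirus)
$defender   = Get-DefenderMode
$registered | Format-Table -AutoSize
$defender   | Format-List

# Flag the interoperability case from the excerpt: Defender still active next to another product.
$thirdParty = $registered | Where-Object { $_.Enabled -and $_.Product -notmatch 'Defender' }
if ($defender.RunningMode -eq 'Normal' -and ($thirdParty -or -not $registered)) {
    Write-Warning 'Defender is in Normal (active) mode. If another agent is installed, check for the interoperability case described above.'
}
```

On a Windows Server the first function only emits the warning, which matches the excerpt's statement that servers have no WSC, so Defender's mode there has to be judged from the second function's output alone.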