Team


Jan Freund (Team Leader)

W15 1-101 (OL-Wechloy)

+49 (0)441 / 798-3231


Klemens Buhmann

W15 1-107 (OL-Wechloy)

+49 (0)441 / 798-3064


Matthias Schröder

W15 1-109 (OL-Wechloy)

+49 (0)441 / 798-3445


Fred Hasselhorst

Tue: 12:00-14:00, Wed-Fri: 9:30-14:00

EG011 (WHV)

+49 (0)4421 / 944-172


Sentinel One installation

What to do if Sentinel issues a malware warning?

Sentinel detects many more problems than Sophos, so a warning may appear immediately after installation stating that a "threat has been detected and the computer has been disconnected from the network as specified". Of course, this can also happen later during operation.

If Sentinel detects a threat, the entire computer is usually moved to "quarantine" to protect the rest of the network. This means that the computer still has a network connection, but may only use it for connections to the Sentinel control computer. Effectively, the computer 'no longer has a network'; in particular, it can no longer send mail or surf the Internet.

At the moment of detection, Sentinel notifies the responsible employees directly and takes care of the problem immediately. This is done remotely without having to do anything locally. Messages appear on the screen saying 'File moved to quarantine', 'Threat reset' ... and the computer is allowed network access again.

In urgent cases, however, it also makes sense to open a ticket or contact us by telephone so that your own case is resolved quickly. The computer name and your contact details are required for queries! The best way to contact the central service desk is by email at servicedesk@uol.de or alternatively by phone at extension -5555.


Where can I find the computer name?

The easiest way is to open the settings and search for 'Name' in the input field at the top right; the results displayed will then show the PC name.

What is the alternative to Sentinel One?

The statement of the Data Protection and Information Security Unit and the HRZ is relatively clear: Sentinel One should be installed on all university-owned devices. Sentinel One may not be installed with the university licence on other computers that are used for official purposes but are not the property of the university. However, adequate protection must be provided, including on university devices on which Sentinel is not to be installed.

However, neither of them makes explicit recommendations, so what additional protection against viruses and other threats should I choose if Sentinel is not an option?

Due to a lack of experience (nobody in ICBM-IT really uses Windows ;) ) here is just a short "random" compilation of a few points:

  • Windows Defender (integrated in MS Windows) was at times almost good enough to be used as the sole system protection, but is now far behind in most comparisons.
  • Additional protection is also highly recommended on the Mac. Major gateways are PDFs and Office documents and the "convenience functions" they contain, as well as browser vulnerabilities that affect all operating systems.
  • Although Kaspersky has very good detection performance, it is also viewed critically by the BSI due to its headquarters in Moscow.
  • Norton provides good detection performance but penetrates very deeply into the system and can also become intrusive.
  • Avast and AVG are products that usually come off well, both as free and paid versions (approx. €70 per year for Avast Premium Security, occasional offers), for both Windows and Mac. The support for Avast seems to be better.
  • Bitdefender is also worth a look, especially in the free versions (only for Windows).

Installation Sentinel One

As already announced, the University of Oldenburg is changing its system for Endpoint Protection and Response (EPR) (aka "virus checker"). The new one is called "Sentinel One". This means that Sophos installations must be removed from all computers and Sentinel One must be installed instead. This step must be taken by 23/06/2023, as the user contract with Sophos expires after this date. This applies to all operating systems running the Sophos virus checker, including macOS. Please note the following restriction: Sentinel One may only be installed on computers owned by the university. Installation is no longer permitted on private computers; alternative products must be used there.

The new Sentinel One icon:

The old Sophos icon:

On newer Windows installations, this replacement is done automatically - so if you already see the new icon, you do not need to do anything.

If you see the old Sophos icon (or neither), please follow the steps below (you will need administrator rights):

  1. Uninstall all Sophos programs: open "Add or remove programs" and click "Uninstall" for each one. (If "Sophos Endpoint Defense" cannot be removed, you can ignore it.)
  2. Install "Sentinel One"
    1. Download the executable (.exe) (you will receive a Nextcloud link by email)
    2. Run this installer
    3. During the installation you will be asked for a token - you received this by email
  3. Reboot the computer

If you do not want to carry out this installation yourself, please contact it@icbm.de.

(Changed: 29 Sep 2024)