SentinelOne
Contributed By: Dray Agha (@purp1ew0lf)
A legitimate PowerShell script associated with SentinelOne includes encoded PowerShell, AMSI bypass encoding, and strings for offensive security commands such as Invoke-Mimikatz. If you are running another security solution, such as Defender, it may flag this legitimate SentinelOne PowerShell activity as malicious.