WTFBins

A legitimate PowerShell script associated with SentinelOne includes encoded PowerShell, AMSI bypass encoding, as well as strings for offensive security commands such as Invoke-Mimikatz. If running another security solution—like Defender—it may flag this SentinelOne legitimate PowerShell activity as malicious.