Merge pull request #1404 from avenjamin/sentinelone-malware

Add malware detection support for SentinelOne

Author: mboelen

include/tests_malware

@@ -39,6 +39,7 @@
     MALWARE_SCANNER_INSTALLED=0
     MALWARE_DAEMON_RUNNING=0
     ROOTKIT_SCANNER_FOUND=0
+    SENTINELONE_SCANNER_RUNNING=0
     SOPHOS_SCANNER_RUNNING=0
     SYMANTEC_SCANNER_RUNNING=0
     SYNOLOGY_DAEMON_RUNNING=0
@@ -231,6 +232,20 @@
             Report "malware_scanner[]=mcafee"
         fi
 
+       # SentinelOne
+       LogText "Text: checking process sentineld (SentinelOne)"
+       if isRunning "sentineld"; then SENTINELONE_SCANNER_RUNNING=1; fi # macOS
+       if isRunning "s1-agent"; then SENTINELONE_SCANNER_RUNNING=1; fi # Linux
+       if isRunning "SentinelAgent"; then SENTINELONE_SCANNER_RUNNING=1; fi # Windows
+       if [ ${SENTINELONE_SCANNER_RUNNING} -eq 1 ]; then
+            FOUND=1
+            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} SentinelOne" --result "${STATUS_FOUND}" --color GREEN; fi
+            LogText "Result: Found SentinelOne"
+            MALWARE_DAEMON_RUNNING=1
+            MALWARE_SCANNER_INSTALLED=1
+            Report "malware_scanner[]=sentinelone"
+        fi
+
         # Sophos savscand/SophosScanD
         LogText "Test: checking process savscand"
         if IsRunning "savscand"; then