EMSystem memory leak when SentinelOne is deployed on endpoint

Version 1

    Verified Product Versions

    Environment Manager 2018.1


    EMSystem.exe may have a memory leak when SentinelOne is deployed on the endpoint.



    The SentinelOne package injects a DLL into the EMSystem.exe process, resulting in a memory leak.  The DLL can be seen by:


    • Running Microsoft SysInternals Process Explorer
    • Browsing to the EMSystem.exe process
    • Pressing CTRL+D to display DLLs loaded into the EMSystem.exe process
    • Look for a Sentinel Agent DLL e.g. InProcessClient<bit>.dll


    The issue can be resolved but adding EMSystem.exe to the  SentinelOne exclusion list and confirming that the Sentinel Agent DLL is no longer being injected.