EMSystem.exe may have a memory leak when SentinelOne is deployed on the endpoint.
The SentinelOne package injects a DLL into the EMSystem.exe process, resulting in a memory leak. The DLL can be seen by:
- Running Microsoft SysInternals Process Explorer
- Browsing to the EMSystem.exe process
- Pressing CTRL+D to display DLLs loaded into the EMSystem.exe process
- Look for a Sentinel Agent DLL e.g. InProcessClient<bit>.dll
The issue can be resolved but adding EMSystem.exe to the SentinelOne exclusion list and confirming that the Sentinel Agent DLL is no longer being injected.