EMSystem memory leak when SentinelOne is deployed on endpoint

Version 1

    Verified Product Versions

    Environment Manager 2018.1

    Introduction

    EMSystem.exe may have a memory leak when SentinelOne is deployed on the endpoint.

     

    Detail

    The SentinelOne package injects a DLL into the EMSystem.exe process, resulting in a memory leak.  The DLL can be seen by:

     

    • Running Microsoft SysInternals Process Explorer
    • Browsing to the EMSystem.exe process
    • Pressing CTRL+D to display DLLs loaded into the EMSystem.exe process
    • Look for a Sentinel Agent DLL e.g. InProcessClient<bit>.dll

     

    The issue can be resolved but adding EMSystem.exe to the  SentinelOne exclusion list and confirming that the Sentinel Agent DLL is no longer being injected.