FILE: C:\Program Files\SentinelOne\Sentinel Agent 24.2.3.471\KernelMonitor.inf

--

; KernelMonitor.inf
;

[Version]
Signature="$WINDOWS NT$"
Class="AntiVirus"
ClassGuid={B1D1A169-C54F-4379-81DB-BEE7D88D7454}
Provider=%SENTINEL%
DriverVer = 03/30/2025,4.00.13.82
CatalogFile=SentinelMonitor.cat
DriverPackageType=FileSystemMinifilter
PnpLockdown=1

[DestinationDirs]
Monitor.CopyMonitorFiles = 12,\%InstallDir%\%DriverVersion%
Monitor.DeleteMonitorFiles = 12,\%InstallDir%\%DriverVersion%

[SourceDisksNames]
1 = %DiskName%,,,""

[SourceDisksFiles]
SentinelMonitor.sys = 1,,

[DefaultInstall.NTamd64]
OptionDesc = %DriverDescription%
CopyFiles = Monitor.CopyMonitorFiles


[DefaultInstall.NTamd64.Services]
AddService = %DriverName%,,Monitor.Service

[DefaultUninstall.NTamd64.Services]
DelService = %DriverName%,0x200

[Monitor.Service]
DisplayName = %DriverName%
Description = %DriverDescription% %DriverVersion%
ServiceBinary = %12%\%InstallDir%\%DriverVersion%\%DriverName%.sys
ServiceType = 2
StartType = 0
ErrorControl = 1
LoadOrderGroup = "FSFilter Anti-Virus"
AddReg = Monitor.AddRegistry

[DefaultUninstall.NTamd64]
LegacyUninstall = 1
DelFiles = Monitor.DeleteMonitorFiles

[Monitor.AddRegistry]
HKR,,"SupportedFeatures",0x00010001,0xf ; SUPPORTED_FS_FEATURES_OFFLOAD_READ | SUPPORTED_FS_FEATURES_OFFLOAD_WRITE | SUPPORTED_FS_FEATURES_QUERY_OPEN | SUPPORTED_FS_FEATURES_BYPASS_IO
HKR,"Instances",                   "DefaultInstance" ,, "Sentinel Instance"
HKR,"Instances\Sentinel Instance", "Flags"           ,, 0x00000000
HKR,"Instances\Sentinel Instance", "Altitude"        ,, "329355.5"

[Monitor.CopyMonitorFiles]
%DriverName%.sys

[Monitor.DeleteMonitorFiles]
%DriverName%.sys

[Strings]
DriverName="SentinelMonitor"
DriverDescription="Sentinel Driver"
SENTINEL="Sentinel Labs, Inc."
ManufacturerName="SentinelLabs"
ClassName=""
DiskName="KernelMonitor Source Disk"
InstallDir="SentinelOne"
DriverVersion="24.2.3.471"


--