Looks like all files have been reviewed and addressed, please open a ticket if you have any files left in quarantine.
Posted Feb 02, 2026 - 16:32 EST
Update
Official reply from Sentinel One: "SentinelOne is aware of a large-scale false positive event impacting customers globally, driven by a third-party reputation feed misclassification of a benign file artifact. This has caused widespread reputation-based detections, alert storms across multiple regions, and auto-network quarantine events for some customers with enforcement policies enabled. Additionally, the surge in false positives over a brief period of time is affecting SentinelOne management consoles, causing performance degradation and agents appearing offline. SentinelOne teams have taken immediate action to stop further alerts and are actively working to remediate affected environments. Some customers may require additional actions to fully restore normal operations. Our Support and Customer Success teams are prepared to assist as needed."
Posted Feb 02, 2026 - 13:15 EST
Update
Sentinel One is still investigating, most PDF have been marked safe, but some are still quarantined.
Posted Feb 02, 2026 - 12:19 EST
Update
We are continuing to investigate this issue.
Posted Feb 02, 2026 - 10:37 EST
Investigating
We have a call open with Sentinel One to review if this is a false positive.
Posted Feb 02, 2026 - 10:32 EST
This incident affected: Endpoint Detection and Response (EDR).