SentinelOne monitors all applications and files for signs of malicious activity. Data files, being inactive, are ignored unless they contain malicious code. Additionally, SentinelOne compares hashes and other markers of all files against those of known malicious files. Malicious files found on systems may be downloaded individually for further analysis, with the knowledge of the end user. These downloads are encrypted and recorded in the activity log. Search results for a specific suspicious file may also be downloaded in this manner; any file that is not part of a cybersecurity investigation is ignored.

Information collected is only used for protection against security threats. It is not used to support investigations related to employee productivity, attendance/activity and/or any other general monitoring of behaviour not directly associated with security threat protection at the University.