This SentinelOne Ransomware Warranty (“Warranty Agreement”) describes the terms and conditions for the provision of a Ransomware Warranty (“Warranty”) granted from SentinelOne, Inc. (“SentinelOne”) to either the SentinelOne customer pursuant to the MSA or to the managed security service provider pursuant to the MSSP Agreement (each a “Company”) who subscribes to its Control or Complete SKU of SentinelOne’s Singularity Platform (“Singularity Platform”, respectfully) under the SentinelOne Master Subscription Agreement, including the MSA Solutions Addendum: Singularity Platform Terms (collectively, “MSA”) or the SentinelOne Managed Security Service Provider Agreement (“MSSP Agreement”). This Warranty Agreement governs the Warranty, provided that such Warranty is stated in a Quote or Purchase Order among SentinelOne and the Company, or an approved SentinelOne Partner and the Company, in each case, where approved by SentinelOne (collectively, “PO”). This Warranty shall be effective as of the date the PO is executed (“Effective Date”) and shall remain in effect for the term of the Warranty stated in such PO and so long as the Company subscribes to the Singularity Platform in accordance with the Master Agreement and uses the Singularity Platform in compliance with the terms of this Warranty Agreement (including, without limitation, the Singularity Platform configuration (“Warranty Term”)). As the Company’s authorized representative, you represent that you are authorized by the Company to accept the Warranty under this Warranty Agreement as part of the Company’s subscription to the Singularity Platform. Capitalized terms shall have the meaning assigned to such terms where defined in this Warranty Agreement, and capital terms used but not defined in this Warranty Agreement shall have the meaning assigned to such terms in the Master Agreement.

Subject to the terms and conditions described herein and the Master Agreement, the Parties to agree as follows:


  1. Warranty. During the Warranty Term, so long as the Company also subscribes to the Singularity Platform in compliance with the Master Agreement, the Company’s Endpoints will be protected by the Singularity Platform which will screen for any Ransomware. The Warranty granted herein shall apply to all such Endpoints provided that:

    1. The Singularity Platform and Endpoints are deployed in accordance with the Documentation and such Endpoints are currently active and properly configured;

    2. Only Files that are on Endpoints are covered under this Warranty;

    3. The Singularity Platform and all Endpoints of the Company have the following required configurations and attributes:

      1. Singularity Platform:

        • Protection Mode options are set to Malicious Threats: Protect and Suspicious: Protect.

        • All Detection Engines are set to ON except for Application Control (Containers only). This includes the Interactive Threat Detection engine which is activated when Advanced Mode is enabled under Settings > Configuration (see Documentation for details).

        • Cloud Connectivity is not disabled.

        • Anti-Tamper is turned ON

        • Snapshots are turned ON

        • Scan New Agents is turned ON

        • The latest General Availability (GA) version (or GA with a critical security Service Pack (SP), if issued) or the GA (or GA with a critical SP, if issued) version immediately preceding such latest GA version, of the SentinelOne Windows Endpoint Agent (as specified in the SentinelOne Knowledge Base “Latest Information” article) is deployed prior to the time of Ransomware infection.

        • There are no Pending Actions (such as Reboot) listed on any covered Endpoint.

        • A supported version of the Management Console is deployed.

        • Exclusions specified in the SentinelOne Knowledge Base “Not Recommended Exclusions” article, are not deployed in the Management Console or Endpoints.

        • Binary Vault is enabled (where available)

        • Two-factor authentication is enabled in the Management Console, or Single Sign On with two-factor authentication, enabled and enforced for all Management Console users.

        • Files added to endpoint by Agent specifically for ransomware detection are not deleted, changed, disabled, or otherwise tampered with directly or through Agent configuration (Policy Override, sentinelctl, config).

      2. Operating system:

        • The Warranty applies to Standard (not Legacy) Windows Agents, and on supported versions of Microsoft Windows (as specified in the SentinelOne Knowledge Base “System Requirements” article).

        • Each Endpoint is malware-free prior to SentinelOne Windows Agent installation.

        • OS is fully updated and patched for security updates on each covered Endpoint, and all vulnerable applications are updated to latest releases.

        • VSS (Volume Shadow Copy Service) is enabled and functioning on all Windows Endpoints. VSS Disk Space Usage allocation must be configured with at least 10% on all disks.

    4. The Company adheres to the following manual actions post infection (i.e., upon discovery of Ransomware):

      • Immediately (no more than an hour upon discovery) adds the specific Ransomware threat to blacklist;

      • In case the Ransomware was not blocked but only detected – takes a remediation and rollback action within 1 hour of infection/discovery of the Ransomware; and

      • Notifies SentinelOne of the Ransomware discovery within 24 hours at [email protected].

    this Section 1(d) shall not apply if the Company is subscribed to the Vigilance Response service during the Warranty Term.

  2. Scope of the Warranty. Subject to the terms of this Warranty Agreement, including the specific requirements of Section 1 above, in case of a successful ransomware attack on Endpoints covered by the Warranty, as shown in SentinelOne’s logs and other records, SentinelOne will pay as sole and exclusive remedy to the Company actual damages caused by such attack, capped at $1,000 USD per Endpoint affected by a Breach, and further capped at $1,000,000 USD for every consecutive twelve (12) months in which Company subscribes to the Singularity Platform with respect to the affected Endpoint(s). For clarity, this Warranty applies only to Endpoints with Windows Agent installed and configured as described above and does not include, without limitation, other agents such as Identity and MacOS Agents.

  3. Condition Precedent to Warranty Payment. SentinelOne shall only provide the remedy for the Breach of the Warranty as described above if (i) the Ransomware attack has occurred, is discovered by the Company and reported to SentinelOne during the Warranty Term and Company’s subscription to the Singularity Platform under the Master Agreement; (ii) sufficient evidence that Company’s Endpoints and the Singularity Platform were configured in accordance with the Documentation and compliant with Section 1 above when the Ransomware attack occurred; (iii) the Company demands in writing to recover for damages caused by the Breach; (iv) sufficient evidence is provided by the Company supporting the Ransom demand amount for each Ransomware infection covered by this Warranty; and (v) sufficient evidence and assurances are provided by the Company that no Warranty payment would be used by the Company to make a payment to any person or entity subject to economic sanctions administered or enforced by the U.S. Treasury Department Office of Foreign Assets Control (OFAC), including any such person or entity listed on OFAC’s the Specially Designated Nationals and Blocked Persons (SDN) list or otherwise prohibited under relevant U.S. law.

  4. Exclusions: The Warranty shall not apply to a breach caused primarily by (i) any deployment, configuration and/or use of the Singularity Platform (or a portion thereof), for any or no reason, in a manner inconsistent with the Documentation or the requirements of Section 1 herein; (ii) Company’s negligence or misconduct; or (iii) other products and/or services which directly or indirectly cause the malfunction or non-performance of the Singularity Platform with respect to the subject Ransomware.

  5. Sole and Exclusive Remedy. The aforementioned remedy for the Breach shall be the Company’s sole and exclusive remedy and the entire liability of SentinelOne for any Breach of the Warranty.

  6. Definitions. The capitalized terms below shall have the following meaning:

      1. Breach” means the unauthorized access to at least one Company Endpoint in the form of Ransomware which has caused material harm to the Company, whereby “material harm” must include at least one of the following: (i) the unauthorized acquisition of unencrypted digital data that compromises the security, confidentiality, or integrity of personal information or confidential information maintained by the Company; (ii) public disclosure of personal information or confidential information maintained by the Company; or (iii) the compromise of at least one Company Endpoint resulting the blocking of access to such Endpoint.

      2. Master Agreement” shall mean either the MSA or the MSSP Agreement as applicable to the Company.

      3. Ransomware” means a malware software program that infects Company's systems from external sources (i.e., in the wild), which installs, persists and encrypts a large portion of files at the operating system level, and continuing to demand payment (the "Ransom") in order to decrypt the encrypted files. For clarification, Ransomware does not include any malware introduced by the Company or any third party to Company's internal systems, whether intentionally (i.e., malware testing) or through a breach in the system's security.

      4. Endpoints” means physical or virtual computing devices and/or computing environments (such as containers) that can process data.

  7. Other Terms and Conditions. Any other terms and conditions of the Master Agreement shall be unaffected by this Warranty Agreement, except as expressly stated in the Master Agreement. In case of any conflict between the terms of this Warranty Agreement and the terms and conditions within the Master Agreement relating to the Warranty, the terms and conditions within this Warranty Agreement shall prevail.

  8. Miscellaneous. This Warranty Agreement represents the complete agreement between the Parties concerning the Warranty granted hereunder and supersedes any and all prior agreements or representations between the Parties. SentinelOne may revise the terms of this Warranty Agreement from time to time in its reasonable discretion, provided that such revisions shall not reduce or eliminate the monetary remedy described in Section 2 herein. To the extent that SentinelOne pays to the Company under the Warranty, Company agrees that SentinelOne shall acquire a subrogation right to assert a claim against the hacker who delivered the Ransomware to Company and caused damages for which SentinelOne incurred Warranty costs, and Company further agrees to assist SentinelOne should it decide to assert a claim against such hacker. If any provision of this Warranty Agreement is held to be unenforceable for any reason, such provision shall be reformed only to the extent necessary to make it enforceable. This Warranty Agreement is governed by and construed in accordance with the substantive laws of the State of California, irrespective of its choice of law principles, and the competent courts in the State of California shall have sole and exclusive jurisdiction over every dispute arising from, or in connection with this Warranty Agreement.