Antivirus alerts for HISTFILE=/dev/null, during Discovery

Description

Since the Istanbul release (PRB687280), Discovery disables shell history when it initiates SSH connections by setting HISTFILE=/dev/null, so no history is saved on the target host for the shell session. Since March 2025, antivirus tools have started alerting on this as "Suspicious history tampering". In the case of SentinelOne-Agent, the large number of log entries also crashes the agent.

Note: The fix for this problem will be to add a MID Server configuration parameter that allows customers to turn this behaviour off, but suppressing history will (probably) still remain the default behaviour.

Steps to Reproduce

1. Discover a UNIX-like server, such as a Linux server.
2. Antivirus tools may alert for the command HISTFILE=/dev/null.

e.g. SentinelOne logs:

    [2024-12-16 17:59:30.819793] [2098335] [info] [detector] [bash_history_evasion.lua] Threat type: shell_set_env
    *Event Info*:
        is in container: false
        bash set env: key: HISTFILE value: /dev/null
    *Process Info*:
        kpid: 2344282 euid: 64134 username: 'XXXXX'
        exe path: /usr/bin/bash cmdline: 'sh'
        ac type: 3 process metadata: 6
    *Group Leader Info*:
        kpid: 2344282 euid: 64134 username: 'XXXXX'
        exe path: /usr/bin/bash cmdline: 'sh'
        ac type: 3 process metadata: 6 group metadata: 1348
    *Indicator Info*:
        id: LD80 category: 1
        metadata: Suspicious history tampering: HISTFILE was set to /dev/null

Workaround

This problem has no workaround, is currently under review and targeted to be fixed in a future release. Subscribe to this Known Error article to receive notifications when more information is available.

Related Problem: PRB1834586
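
Added example (not part of the original article and not ServiceNow or SentinelOne code): a small triage script for entries in the log layout quoted under Steps to Reproduce, separating detections raised by the account Discovery logs in with from the same indicator raised by any other account. It assumes one entry per line; the account name svc_discovery and all sample values are constructed.

```python
import re
from collections import Counter

# Constructed sample entries in the layout of the log quoted in the article.
# Usernames, pids and timestamps are made up; 'svc_discovery' is a hypothetical
# name for the account Discovery uses for its SSH connections.
SAMPLE_LOG = """\
[2025-03-10 09:00:01.000001] [1001] [info] [detector] [bash_history_evasion.lua] Threat type: shell_set_env *Event Info*: is in container: false bash set env: key: HISTFILE value: /dev/null *Process Info*: kpid: 5001 euid: 64134 username: 'svc_discovery' exe path: /usr/bin/bash cmdline: 'sh' ac type: 3 process metadata: 6
[2025-03-10 09:00:07.000002] [1001] [info] [detector] [bash_history_evasion.lua] Threat type: shell_set_env *Event Info*: is in container: false bash set env: key: HISTFILE value: /dev/null *Process Info*: kpid: 5002 euid: 64134 username: 'svc_discovery' exe path: /usr/bin/bash cmdline: 'sh' ac type: 3 process metadata: 6
[2025-03-10 23:41:12.000003] [1001] [info] [detector] [bash_history_evasion.lua] Threat type: shell_set_env *Event Info*: is in container: false bash set env: key: HISTFILE value: /dev/null *Process Info*: kpid: 7310 euid: 1004 username: 'alice' exe path: /usr/bin/bash cmdline: 'bash' ac type: 3 process metadata: 6
[2025-03-10 23:45:00.000004] [1001] [info] [agent] constructed unrelated line
"""

# Pulls timestamp, env key/value and the *Process Info* identity out of one entry.
ENTRY = re.compile(
    r"^\[(?P<ts>[^\]]+)\].*?Threat type: shell_set_env.*?"
    r"key: (?P<key>\S+) value: (?P<value>\S+).*?"
    r"\*Process Info\*:.*?euid: (?P<euid>\d+) username: '(?P<user>[^']*)'"
    r".*?cmdline: '(?P<cmdline>[^']*)'"
)

def parse_entries(text):
    """Return one dict per HISTFILE=/dev/null detection found in text."""
    hits = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m and m["key"] == "HISTFILE" and m["value"] == "/dev/null":
            hits.append(m.groupdict())
    return hits

def triage(entries, discovery_users):
    """Split detections into known Discovery noise and ones needing review."""
    expected = Counter(e["user"] for e in entries if e["user"] in discovery_users)
    review = [e for e in entries if e["user"] not in discovery_users]
    return expected, review

if __name__ == "__main__":
    expected, review = triage(parse_entries(SAMPLE_LOG), {"svc_discovery"})
    print("Discovery sessions:", dict(expected))
    for e in review:
        print("Needs review:", e["ts"], e["user"], e["euid"], e["cmdline"])
```

Matching on the username alone is coarse; correlating the remaining Discovery hits with the MID Server's source address and the Discovery schedule gives a tighter check than suppressing the indicator outright.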