Help

SentinelOne Agent Installation

Go to solution
FueledbyCoffee
New Contributor II

Posted on ‎01-10-2023 04:31 AM

Good afternoon JAMF Nation. Just want to get your professional guide/advice on how to install the SentinelOne agents in our MacOS devices using JAMF. I have the PKG file needed but when I tried installing it as normal, it failed. Looking for a friend, TIA!

0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
AJPinto
Honored Contributor III
In response to mdryer

Posted on ‎02-28-2023 01:12 PM

SentinelOnes Documentation covers this, you need to approve three items and give them SystemPolicyAllFiles access. I honestly recommend pinging SentinelOne as they have good documentation for macOS and even have JAMF specific documentation.

 

Below is what I use. I always hate when people copy paste screenshots with the code requirements I needed but you cant copy it. So I put the code requirement stuff in the code blocks. 

 

  • com.sentinelone.sentineld-shell

 

ID: com.sentinelone.sentineld-shell

Code Requirement: anchor apple generic and identifier "com.sentinelone.sentineld-shell" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")

App or Service: SystemPolicyAllFiles

Access: Allow

 

AJPinto_0-1677618355074.png

 

  • com.sentinelone.sentineld-helper

 

ID: com.sentinelone.sentineld-helper

Code Requirement: anchor apple generic and identifier "com.sentinelone.sentineld-helper" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")

App or Service: SystemPolicyAllFiles

Access: Allow

 

AJPinto_1-1677618370657.png

 

  • com.sentinelone.sentineld

 

ID: com.sentinelone.sentineld

Code Requirement: anchor apple generic and identifier "com.sentinelone.sentineld" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")

App or Service: SystemPolicyAllFiles

Access: Allow

 

AJPinto_2-1677618378724.png

 

View solution in original post

Reply
9 REPLIES 9

Go to solution
AJPinto
Honored Contributor III

Posted on ‎01-10-2023 05:12 AM

Sent1 has really good documentation for macOS and JAMF, reach out to your Sent1 rep and they should be able to get you going. 

 

A quick over view. Sent1's package needs to be cached, and run with a script. The script contains the token sent1 needs to install. In the policy, cache the package, and run the script with a priority "after".

#!/bin/bash
sudo echo "$4" > /Library/Application\ Support/JAMF/Waiting\ Room/com.sentinelone.registration-token 
sudo /usr/sbin/installer -pkg "/Library/Application Support/JAMF/Waiting Room/$5" -target /

$4 is the token

$5 is the package name

Reply

Go to solution
mdryer
New Contributor II
In response to AJPinto

Posted on ‎02-28-2023 12:53 PM

Works like a charm.

0 Kudos
Reply

Go to solution
mdryer
New Contributor II

‎02-28-2023 12:49 PM - edited ‎02-28-2023 12:52 PM

@AJPinto What are you doing to ensure full disk access / all other approvals?
We are using the PPPC tool, but it seems like there may still be some that are not approved by that.

0 Kudos
Reply

Go to solution
AJPinto
Honored Contributor III
In response to mdryer

Posted on ‎02-28-2023 01:12 PM

SentinelOnes Documentation covers this, you need to approve three items and give them SystemPolicyAllFiles access. I honestly recommend pinging SentinelOne as they have good documentation for macOS and even have JAMF specific documentation.

 

Below is what I use. I always hate when people copy paste screenshots with the code requirements I needed but you cant copy it. So I put the code requirement stuff in the code blocks. 

 

  • com.sentinelone.sentineld-shell

 

ID: com.sentinelone.sentineld-shell

Code Requirement: anchor apple generic and identifier "com.sentinelone.sentineld-shell" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")

App or Service: SystemPolicyAllFiles

Access: Allow

 

AJPinto_0-1677618355074.png

 

  • com.sentinelone.sentineld-helper

 

ID: com.sentinelone.sentineld-helper

Code Requirement: anchor apple generic and identifier "com.sentinelone.sentineld-helper" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")

App or Service: SystemPolicyAllFiles

Access: Allow

 

AJPinto_1-1677618370657.png

 

  • com.sentinelone.sentineld

 

ID: com.sentinelone.sentineld

Code Requirement: anchor apple generic and identifier "com.sentinelone.sentineld" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")

App or Service: SystemPolicyAllFiles

Access: Allow

 

AJPinto_2-1677618378724.png

 

Reply

Go to solution
mdryer
New Contributor II

Posted on ‎03-06-2023 01:18 PM

Here is SentinelOne's official documentation. 
If you follow all the steps, you will be able to install and configure everything without having end users have to approve anything.

https://usea1-012.sentinelone.net/docs/en/installing-and-upgrading-macos-kextless-agents-with-jamf.h...

0 Kudos
Reply

Go to solution
Franky779
New Contributor III

Posted on ‎01-24-2024 02:17 AM

I have to reply in this post. I have a problem when installing/upgrading SentinelOne via JAMF.

I followed the documentation an https://euce1-104.sentinelone.net/docs/en/installing-and-upgrading-macos-agents-with-jamf.html#UUID-...

Package is set to cached but i get an error, probably because the client ist already installed. But my testmachine has an older version then the supplied one. So it should do an upgrade? There seems to be a path problem when moving things.

 

Script result: installer: Package name is SentinelOne
installer: Upgrading at base path / installer: The upgrade failed. (The installation failed due to an error. Contact the software manufacturer. An error occurred while moving the files to their destination.)


Installscript

sudo echo "abcdefg" > /Library/Application\ Support/JAMF/Waiting\ Room/com.sentinelone.registration-token
sudo /usr/sbin/installer -pkg /Library/Application\ Support/JAMF/Waiting\ Room/Sentinel-Release-23-3-2-7123_macos_v23_3_2_7123.pkg -target /
0 Kudos
Reply

Go to solution
tt_zone
New Contributor
In response to Franky779

Posted on ‎01-30-2024 07:46 AM

@Franky779 Same issue here. I'll get something started with S1 and keep y'all posted here. S1 really be breaking things lately. First (and still) locking out machines from network acces for no reason, and now this.

0 Kudos
Reply

Go to solution
Franky779
New Contributor III
In response to tt_zone

Posted on ‎02-04-2024 11:51 PM

Somehow it went through a few hours later. Still can´t see a reason yet.....but its working. Fine for me ;-)

0 Kudos
Reply

Go to solution
tt_zone
New Contributor
In response to Franky779

Posted on ‎02-05-2024 12:30 AM

Yeah for me it all of a sudden started working as well over the weekend... I think they changed something, but they still have yet to come back to me about on my support ticket. Problem solved I guess! :D

0 Kudos
Reply