SentinelOne and Ventura

mmolenda
New Contributor III

I have run into an odd issue where some machines complete the S1 upgrade and some machines fail it after the agent is installed (hence the S1 console sees them online and on the correct version).  It seems like a permissions issue that I don't know how to tackle.

Screenshot 2023-08-03 at 10.28.56 AM.png

This is the install script - This is the one I decided on using.

Screenshot 2023-08-03 at 10.29.29 AM.png

This is the upgrade script - Alternate script

With the install script, I got 3 Macs that Completed and 11 that failed.

Screenshot 2023-08-03 at 10.26.12 AM.png

Successful.

Screenshot 2023-08-03 at 10.27.11 AM.png

Not successful.

This is the error:

Script result: installer: Package name is SentinelOne installer: Upgrading at base path /
installer: The upgrade failed. (The Installer encountered an error that caus installation to fail. Contact the software manufacturer for assistance. An ur error occurred while moving files to the final destination.)

I guess I'm confused as to why it completed on 3 Macs but failed on 11 Macs.  Same script.  Same everything...

Any help would be appreciated. 

 

1 ACCEPTED SOLUTION

whiteb
Contributor II

I've seen that error with Adobe packages. The fix was:

1. Open Terminal
2. Run the following command: xattr /path/to/.pkg
3. If the **com.apple.quarantine** attribute is associated with the application, you should see the following output: com.apple.quarantine
4. To remove the quarantine attribute, you would then run the following command: sudo xattr -r -d com.apple.quarantine /path/to/.pkg

Then, try re-uploading the .pkg with Safari instead of Chrome.

I just do the above on all .pkg's and I always use Safari now when uploading.

Though I'm typically using Installomator so I try and avoid monolithically maintaining .pkg's where possible.

We use Jamf Protect, but I manage S1 on about 500 Windows endpoints as well.

Thinking about it more, the problem could also be that the .pkg is having issues trying to overwrite a file that already exists. You could use Composer to see what the .pkg is actually doing.


mmolenda
New Contributor III

Is there a way to package that up in a script?  I will first check to see if it works on my own Mac before considering deploying.  While we don't have that many Macs, many of them are across the country and globe.  It will be difficult to do manually.

We only have 15 Macs in our Jamf profile, so having a separate security product doesn't really make sense for us, so we just use S1 on all endpoints.  For the most part, I love Installomator and the majority of our applications can be installed by Installomator.  I will try this solution and see if I can make it work and then figure out how I can deploy it.

whiteb
Contributor II

It needs to be done to the .pkg on your computer once, before uploading to Jamf. But yeah, that fixed my Adobe issues where I would randomly get that same error. Some would be fine, but a computer with the same hardware and same exact OS would inexplicably throw the error. And that makes sense, single pane of glass. Hopefully that fixes it for you. S1 support is pretty responsive, you could always try seeing what they have to say.
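
The check-and-remove steps from the accepted solution, wrapped in a script to run once on the admin Mac before uploading to Jamf. This is an added example, not code posted by anyone in this thread; the function names and the script name are hypothetical, and the layout of the attribute value (agent in the third `;`-separated field) is an assumption. Run it with sudo if you do not own the package file.

```shell
#!/bin/bash
# Added example (not from the thread): clear com.apple.quarantine from .pkg
# files on the admin Mac before uploading them to Jamf.
QUARANTINE_ATTR="com.apple.quarantine"

# True if the file carries the quarantine attribute.
# `xattr <file>` prints one attribute name per line.
has_quarantine() {
    xattr "$1" 2>/dev/null | grep -qxF "$QUARANTINE_ATTR"
}

# Prints the app that set the flag. Assumption: the attribute value has the
# usual "flags;timestamp;agent;uuid" layout, so the agent is field 3.
quarantine_agent() {
    xattr -p "$QUARANTINE_ATTR" "$1" 2>/dev/null | cut -d';' -f3
}

# Prints one status word for a package: missing | clean | cleared | failed.
clear_quarantine() {
    pkg="$1"
    if [ ! -e "$pkg" ]; then echo "missing"; return 1; fi
    if ! has_quarantine "$pkg"; then echo "clean"; return 0; fi
    # -r recurses into bundle-style packages; -d deletes the attribute.
    xattr -r -d "$QUARANTINE_ATTR" "$pkg" 2>/dev/null || { echo "failed"; return 1; }
    # Re-check instead of trusting the exit code.
    if has_quarantine "$pkg"; then echo "failed"; return 1; fi
    echo "cleared"
}

main() {
    rc=0
    for pkg in "$@"; do
        agent=$(quarantine_agent "$pkg")
        status=$(clear_quarantine "$pkg") || rc=1
        printf '%s: %s (quarantined by: %s)\n' "$pkg" "$status" "${agent:-n/a}"
    done
    return "$rc"
}

# Usage: ./clear_quarantine.sh /path/to/one.pkg [more.pkg ...]
if [ "$#" -gt 0 ]; then main "$@"; fi
```

A `cleared` or `clean` status means the package no longer carries the attribute; a non-zero exit code means at least one package was missing or could not be cleaned.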

humanendpoint
New Contributor

I think you cannot directly update S1, as they want you to update via the sentinelcli and only install new via policy.

mmolenda
New Contributor III

So some machines passed and others failed, yet show as the correct version in the S1 admin panel.  There is some folder that is read-only I guess that when it is written to, it fails but the software had already been installed.  It's crazy but I have been told sort of what to do.

 

Thank you everybody for your help.  I am still learning JAMF.