Posted on 02-14-2018 12:34 PM
Does anyone have any first-hand knowledge or opinions on SentinelOne? I have never heard of them until today when a local security consultant recommended them for Windows & Mac. Curious if anyone has experience installing/managing this product.
SentinelOne was recently awarded "Best Mac AV" by AV-Test.org.
https://www.sentinelone.com/blog/sentinelone-best-av-macos/
https://www.av-test.org/en/news/news-single-view/put-to-the-test-antivirus-solutions-for-macos-sierra/
Posted on 02-15-2018 12:11 PM
Our school district has been using SentinelOne for about 7 months now and it is really easy to push out the package with Jamf Pro. So far we are liking it a lot. It does not slow down the computers at all.
Posted on 02-15-2018 12:18 PM
@dstranathan Currently we are implementing Carbon Black Defense, till now we are positive about the product / managing / deploying.
https://www.carbonblack.com/products/cb-defense/
Posted on 05-11-2018 03:56 PM
We are rolling out SentinelOne as well. Looks pretty good. The recent OSX update required the additional KEXT setting.
Posted on 06-28-2018 07:56 PM
Does anyone know how to make a smart group to identify if SentinelOne is installed? I'm pushing it out, but it's failing on computers that it's already been installed to (which it should), but I want to exclude those computers so it doesn't try to reinstall it.
Posted on 06-29-2018 04:40 AM
Criteria - application title, operator - does not have, value - applicationName.app
Posted on 06-29-2018 05:01 AM
I HIGHLY recommend SentinelOne.
I dropped over 70 pieces of Malware/Adware/Viruses at it ALL AT ONCE and it stopped every piece of bad software. Awesome agent for Macs.
Posted on 07-03-2018 11:13 AM
@rihardsp, I tried that and it doesn't work. It can't find the SentinelOne.app, so it returns nothing.
Posted on 07-11-2018 05:55 AM
Our school district is also using S1. Has anyone figured out how to have the S1 client automatically be "approved" with distribution rather than having a box pop up for the end user asking them to accept it? We are running High Sierra.
Posted on 07-11-2018 05:58 AM
@edullum Yes, you can whitelist it so it's an approved kernel extension. You use its bundleID to whitelist, I think.
I would talk to your S1 Engineer and I'm sure s/he can get you that info to whitelist -- I know mine told me about whitelisting and offered me the necessary information to get it done.
Posted on 07-11-2018 07:01 AM
@reccos02star this is kind of old, so test accordingly, but at a previous employer we used SentinelOne and I used this EA to report if the agent is installed, and if so, what version:
https://github.com/smashism/jamfpro-extension-attributes/blob/master/version_sentinelone.sh
Posted on 07-11-2018 08:12 AM
@Chuey thanks for your help! I was able to obtain the information in the offline setup guide within the SentinelOne admin console. There is a chapter in that guide on how to install S1 on High Sierra with the parameter to approve the application on behalf of the end user. Within the "Installing on macOS High Sierra" it will give you the parameters to enter into the "Execute Command Line" in the policy.
Posted on 07-11-2018 08:33 AM
It's a pain to uninstall if the client lost communication with the server, but works very well generally.
As above, scope it via ".app installed policy" using the downloaded package from the console.
If installed using a build, make sure it's set to "after reboot".