SentinelOne - Installing the macOS Agent

SentinelOne - Installing the macOS Agent

Installing the macOS Agent

Make sure you have all the requirements before you start the installation.

To install the macOS Agent
  1. Get the Site or Group Token
  2. Install the Agent using the command line or the Installation Wizard.
  3. Authorize Full Disk Access and Network Extension (this must be done locally).
  4. Authorize the Bluetooth Low Energy permissions.
  5. Upgrading macOS Agents with a Local Upgrade.

Installing the Agent

To install the Agent on one macOS endpoint with Command Line:

1. In the Sentinels toolbar, click Packages.


2. Download the latest macOS installer package. Make sure the scope of the package includes the Site that the Agent will go to.

Best Practice: Download the file to the local endpoint.

3. Save the Site Token or Group Token in a plain text file in a folder named /tmp with the Installer package. Name the Token file: com.sentinelone.registration-token. Change the ownership of the file to root with sudo chown root.

4. Run the installer:
$ sudo /usr/sbin/installer -pkg Download path/tmp/SentinelXXXX.pkg -target /
Example:
$ sudo /usr/sbin/installer -pkg Desktop/tmp/SentinelXXXX.pkg -target /

5. Complete the installation.
If the SentinelOne icon shows "Needs user attention" or the message "Authorize SentinelOne components in System Preferences". Authorize Full Disk Access and Network Extension permissions for the SentinelOne Agent in the System Preferences.

To install the Agent on one macOS endpoint with Installation Wizard:
1. In the Sentinels toolbar, click Packages.

2. Download the latest macOS installer package. Make sure the scope of the package includes the Site that the Agent will go to.

Best Practice: Download the file to the local endpoint.

3. Give the Token string to the user (for example, send a message or email with the Token string).

4. Run the installation package and enter the Token string when prompted in the installation wizard.

5. Complete the installation.
If the SentinelOne icon shows "Needs user attention" or the message "Authorize SentinelOne components in System Preferences". Authorize Full Disk Access and Network Extension permissions for the SentinelOne Agent in the System Preferences.

Authorizing Full Disk Access

The macOS (10.15 Catalina and later releases) makes sure that applications are installed in a secure way. It limits installation only to applications that are approved by Apple and the user. This change does not let applications access specified paths (such as Documents, Downloads, and Desktop) without user consent.

If the SentinelOne icon shows "Needs user attention" or these messages "Authorize Full-Disk-Access to SentinelOne in System Preferences", "Authorize SentinelOne components in System Preferences". Approve Full Disk Access for SentinelOne Apps in the System Preferences.


Important: This is done only once on an endpoint. If already done on the endpoint, do not repeat it when the Agent is updated. If you do not complete this prerequisite step, the macOS Agent will not have full visibility to all files from all users.

Authorize Full Disk Access to these processes:
  1. sentineld
  2. sentineld_helper
  3. For Agents 21.5 and lower, Authorize Full Disk Access to sentinel_shell
  4. For Agents 21.7 and later, Authorize Full Disk Access to sentineld_shell
To Authorize Full Disk Access with MDM:
  1. To grant full disk access in Jamf, see Installing and Upgrading macOS Agents with Jamf.
To Authorize Full Disk Access on a local computer:
1. On the local computer, open System Preferences.

2. Click Security & Privacy, and select the Privacy tab.

3. Click the lock to make changes.

4. In the left pane, click Full Disk Access.

5. Click the + icon.

6. Press and hold Command+Shift+G at the same time to open the Go to the folder menu.


7. Enter the path:
/Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/

8. Click Go.

  1. 9. Select the SentinelOne applications, and click Open:
  2. sentineld.app
  3. sentineld_helper.app
  4. For Agents 21.5 and lower, Authorize Full Disk Access to sentinel_shell.app
  5. For Agents 21.7 and later, Authorize Full Disk Access to sentineld_shell.app




    Optional: Drag and drop the SentinelOne applications into the Security & Privacy window.
    1. Open a Finder window.
    2. Navigate to /Library/Sentinel.
    3. Right-click the sentinel-agent.bundle, and select Show Package Contents.
    4. Navigate to the /Contents/MacOS/ folder.
    5. Select the required SentinelOne applications, and drag the applications to the Security & Privacy window.
    10. Close System Preferences.

    Authorizing the Network Extension

    If the SentinelOne icon shows "Needs user attention" or these messages "Authorize SentinelOne Network Extension in System Preferences", "Authorize SentinelOne components in System Preferences" you must approve the network Extension for SentinelOne in the System Preferences.

    Do this only one time on every macOS endpoint. If you already approved it, there is no need to repeat it when the SentinelOne App is updated. If you do not complete this prerequisite step, your mac will not be fully protected.

    If you use Mobile Device Management (MDM) solution to manage your Endpoints, see:
    1. Installing and Upgrading macOS Agents with Jamf
    2. Installing and Upgrading macOS Agents with MDM tools
    To approve Network Extension:
    1. If you see the System Extension Blocked message, click Open Security Preferences.
    Note: If you click OK, the window closes. To approve the SentinelOne Network Extension later, open System Preferences > Security & privacy > Security.

    2. At System software from application "SentinelOne Extensions" was blocked from loading, click Allow.

    3. In the window that opens, click Allow.

    Upgrading macOS Agents with a Local Upgrade

    To upgrade macOS Agents locally:

    1. Download the new macOS Agent version PKG

    2. Open the Terminal application

    3. Run:
    sudo sentinelctl upgrade-pkg PKG_pathname

    Note: Upgrading the macOS Agent does not work with double-clicking the installer PKG.

    Troubleshooting

    If you experience an issue with the installation or upgrade procedure of the Agent, please share the logs with SentinelOne support.
    • If there is an installed Agent on the endpoint, share the Agent log.
      See .

    • If there is no Agent installed on the endpoint, share, the install.log.
      To Collect install.log:

      • Open Terminal.

      • Enter: cp /var/log/install.log ~/Desktop

    • If you try to upgrade the macOS Agent by double-clicking, the installer PKG will fail, and an error message will appear in the Agent logs: An unexpected error occurred while moving files to the final destination.


      • Related Articles

      • Installing protection agents in macOS

        Agent for Mac This agent includes a component for Antivirus & Antimalware protection and URL Filtering. See Supported Cyber Protect features by operating system for details about supported functionality by operating system. Both x64 and ARM ...
      • Installing EDR Agent on MAC

        Installing EDR Agent on MAC 1. Locate the downloaded file Setup.MBEndpointAgent.(CBT Mac).pkg. In most cases, downloaded files are saved in, Downloads folder. 2. Double click on Setup.MBEndpointAgent.(CBT Mac).pkg to start the setup wizard. 3. The ...
      • Configuring the AlienApp for SentinelOne

        SentinelOne API Configuration To configure AlienApp for SentinelOne in USM Anywhere, you need to generate an API key in your SentinelOne instance and enter it into USM Anywhere. To set up your SentinelOne API Log in to your SentinelOne management ...
      • Malwarebytes - Installing EDR Agent on MAC

        1. Locate the downloaded file Setup.MBEndpointAgent.(CBT Mac).pkg. In most cases, downloaded files are saved in, Downloads folder. 2. Double click on Setup.MBEndpointAgent.(CBT Mac).pkg to start the setup wizard. 3. The next screen shows the ...
      • Sentinel one - Installing the Windows Agent

        Make sure you have all requirements before you start the installation. For Windows Agents: If there is a web proxy between the endpoints and the Console, we recommend you configure the proxy for the Windows Agent in the installation command. If you ...