Skip to main content
All CollectionsSentinelOne & GuardzManaged SentinelOne (Ultimate Plan)Deploying the SentinelOne Agent
SentinelOne Installation - macOS
SentinelOne Installation - macOS
Updated over 3 weeks ago

This article is based on SentinelOne community documentation last updated on Dec 10 2024

Installing the macOS Agent

Make sure you have all the requirements before you start the installation.

Watch: How To Install SentinelOne Kextless Agent.

To install the macOS Agent

  1. Get the Site Token

  2. Install the Agent using the command line or the Installation Wizard.

  3. Authorize Full Disk Access and Network Extension (this must be done locally or via MDM/RMM).

  4. Authorize the Bluetooth Low Energy permissions.

  5. Upgrading macOS Agents with a Local Upgrade.

Get the Site Token

Get the Site token that registers the Agent with a Site. This can be found in Security Controls > Endpoint Security > SentinelOne > Managed > Deploy > View Site Token

Installing the Agent

To install the Agent on one macOS endpoint with Command Line:

  1. Download the latest macOS installer package.

    1. Security Controls > Endpoint Security > SentinelOne > Managed > Deploy

    2. Best Practice: Download the file to the local endpoint.

  2. Save the Site Token in a plain text file in a folder named /tmp with the Installer package. Name the Token file: com.sentinelone.registration-token. Change the ownership of the file to root with sudo chown root.

  3. Run the installer:

    $ sudo /usr/sbin/installer -pkg Download path/tmp/SentinelXXXX.pkg -target /

    Example:

    $ sudo /usr/sbin/installer -pkg Desktop/tmp/SentinelXXXX.pkg -target /

  4. Complete the installation.

    If the SentinelOne icon shows "Needs user attention" or the message "Authorize SentinelOne components in System Preferences". Authorize Full Disk Access and Network Extension permissions for the SentinelOne Agent in the System Preferences.

To install the Agent on one macOS endpoint with Installation Wizard:

  1. Download the latest macOS installer package.

    1. Security Controls > Endpoint Security > SentinelOne > Managed > Deploy

    2. Best Practice: Download the file to the local endpoint.

  2. Give the Token string to the user (for example, send a message or email with the Token string).

  3. Run the installation package and enter the Token string when prompted in the installation wizard.

  4. Complete the installation.

    If the SentinelOne icon shows "Needs user attention" or the message "Authorize SentinelOne components in System Preferences". Authorize Full Disk Access and Network Extension permissions for the SentinelOne Agent in the System Preferences.

Authorizing Full Disk Access

The macOS (10.15 Catalina and later releases) makes sure that applications are installed in a secure way. It limits installation only to applications that are approved by Apple and the user. This change does not let applications access specified paths (such as Documents, Downloads, and Desktop) without user consent.

If the SentinelOne icon shows "Needs user attention" or these messages "Authorize Full-Disk-Access to SentinelOne in System Preferences", "Authorize SentinelOne components in System Preferences". Approve Full Disk Access for SentinelOne Apps in the System Preferences.

Important: This is done only once on an endpoint. If already done on the endpoint, do not repeat it when the Agent is updated. If you do not complete this prerequisite step, the macOS Agent will not have full visibility to all files from all users.

Authorize Full Disk Access to these processes:

  • sentineld

  • sentineld_helper

  • For Agents 21.5 and lower, Authorize Full Disk Access to sentinel_shell

  • For Agents 21.7 and later, Authorize Full Disk Access to sentineld_shell

To Authorize Full Disk Access on a local computer:

  1. On the local computer, open System Preferences.

  2. Click Security & Privacy, and select the Privacy tab.

  3. Click the lock to make changes.

  4. In the left pane, click Full Disk Access.

  5. Click the + icon.

  6. Press and hold Command+Shift+G at the same time to open the Go to the folder menu.

  7. Enter the path:

    /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/

  8. Click Go.

  9. Select the SentinelOne applications, and click Open:

    • sentineld.app

    • sentineld_helper.app

    • For Agents 21.5 and lower, Authorize Full Disk Access to sentinel_shell.app

    • For Agents 21.7 and later, Authorize Full Disk Access to sentineld_shell.app

    Optional: Drag and drop the SentinelOne applications into the Security & Privacy window.

    1. Open a Finder window.

    2. Navigate to /Library/Sentinel.

    3. Right-click the sentinel-agent.bundle, and select Show Package Contents.

    4. Navigate to the /Contents/MacOS/ folder.

    5. Select the required SentinelOne applications, and drag the applications to the Security & Privacy window.

  10. Close System Preferences.

Authorizing the Network Extension

If the SentinelOne icon shows "Needs user attention" or these messages "Authorize SentinelOne Network Extension in System Preferences", "Authorize SentinelOne components in System Preferences" you must approve the Network Extension for SentinelOne in System Preferences.

Do this only one time on every macOS endpoint. If you already approved it, there is no need to repeat it when the SentinelOne App is updated. If you do not complete this prerequisite step, your mac will not be fully protected.

If you use Mobile Device Management (MDM) solution to manage your Endpoints, see:

  • Installing and Upgrading macOS Agents with Jamf

  • Installing and Upgrading macOS Agents with MDM tools

To approve Network Extension:

  1. If you see the System Extension Blocked message, click Open Security Preferences.

    Note: If you click OK, the window closes. To approve the SentinelOne Network Extension later, open System Preferences > Security & privacy > Security.

  2. At System software from application "SentinelOne Extensions" was blocked from loading, click Allow.

  3. In the window that opens, click Allow.

Upgrading macOS Agents with a Local Upgrade

To upgrade macOS Agents locally:

  1. Download the new macOS Agent version PKG.

  2. Open the Terminal application.

  3. Run:

    sudo sentinelctl upgrade-pkg PKG_pathname

Note

Upgrading the macOS Agent does not work with double-clicking the installer PKG.

Troubleshooting

If you experience an issue with the installation or upgrade procedure of the Agent, please share the logs with SentinelOne support.

  • If there is an installed Agent on the endpoint, share the Agent log.

    See .

  • If there is no Agent installed on the endpoint, share, the install.log.

    To Collect install.log:

    1. Open Terminal.

    2. Enter: cp /var/log/install.log ~/Desktop

  • If you try to upgrade the macOS Agent by double-clicking, the installer PKG will fail, and an error message will appear in the Agent logs: An unexpected error occurred while moving files to the final destination.

Related Articles
SentinelOne Installation - Windows
SentinelOne Installation - Linux
Installing SentinelOne macOS Agents with MDM tools
Installing SentinelOne macOS Agents with Jamf
Migrating from Existing SentinelOne to Guardz
Did this answer your question?