This article is based on SentinelOne community documentation, last updated on July 2025.
Supported from Management Version: Central Park
Supported from Agent Version: Windows 3.3.3
This is an overview of the recommended installation methods for Windows Agents on VM or VDI.
From Management version Iguazu, the SentinelOne Management has an improved solution for Hot (live) clones, where clones are automatically assigned a unique UUID. Note that this solution does not work on Agents that were installed with the VDI switch.
Recommended Installation Methods
VM Installation Type | Method | Notes |
Cold clone Persistent or Non-Persistent | Use the VDI installation switch | After installation with the VDI switch, you can upgrade Agents normally from the Management Console without the VDI switch. IMPORTANT: Use the VDI switch only for cold clones - cloned from a machine that is powered off. If used for hot clones (clones from a machine that is turned on, suspended, or hibernated), all the clones will have a duplicate UUID and will be unusable. |
Hot (live) clone Persistent or Non-Persistent | Install WITHOUT the VDI installation switch | The Management makes sure that each clone has a different UUID. This can take up to five minutes. |
If necessary, after installation, Management Console Users with required permissions can reset the UUID of an Agent with the Randomize Uuid command. If the Agent is installed with the VDI switch, the Randomize Uuid command does not apply.
Configuration for Sysprep used in Golden Images - Troubleshooting
During your Sysprep deployment you might experience an Install Windows error.
We recommend this workaround:
Make a Manual (Static) group where you build the base system, and run
sysprepagainst it.Make a Dynamic group where systems spun off of the base image will go (based on name, subnet, etc.) where anti-tamper is enabled.
For details on how to create a group, see Group Types and Creating Groups.
This workaround lets you consistently build the systems without issue, and makes sure all systems used in production will have anti-tamper enabled.
Additional Sysprep Troubleshooting - Disable Anti Tamper
If this workaround does not work, disable anti tamper setting of the Agent. Go to Policy and disable the Agent Configuration Anti Tamper setting.
Installing the Agent in a VDI/Citrix environment will cause an Agent connected to the Management Console to create a new UUID. The UUID parameter is the unique Agent ID, and it changes every time the Agent registers with its Management.
Please note:
We recommend you add these folders to the exclusions in your VDI or Citrix solution (not in the SentinelOne exclusions):
c:\programdata\sentinel c:\program files\sentinelone
To remove an Agent from the Console, set the group of your Agents to automatically decommission after 1 day offline. See Removing an Agent from the Console - Decommission for details.
To see if an Agent was installed with the VDI switch, run:
Sentinelctl.exe agent_id -v
Syntax
For EXE Windows Agents installer packages versions 22.1 and later, use
-a "VDI=true". Example:SentinelOneInstaller.exe -t MY_TOKEN -a "VDI=true INSTALL_DIR="""C:\Program Files\InstallDir"""" /q
For MSI Windows Agent installer packages, use
VDI=true. Example:Sentinelnstaller.msi SITE_TOKEN=MY_TOKEN VDI=true INSTALL_DIR="C:\Program Files\InstallDir" /q
For EXE Windows Agents installer packages before 22.1, use /VDI. Example:
Sentinellnstaller.exe /SITE_TOKEN=MY_TOKEN /VDI /INSTALL_DIR="C:\Program Files\InstallDir" /q