Skip to main content

Deploying SentinelOne via Guardz: Best Practices & Installation Guide

Updated over 2 months ago

Deploying SentinelOne via Guardz: Best Practices & Installation Guide

Introduction

Deploying SentinelOne through Guardz is slightly different from deploying it directly from the SentinelOne Console. Guardz simplifies the process by providing:

  • Pre-configured installation packages for different OS types.

  • Deployment scripts for mass rollout via MDM/RMM tools.

  • Guidance on installation & troubleshooting per OS.

Before deploying, it's important to choose the right package and install method based on your environment.

Step 1: Choosing the Right Installation Method

SentinelOne offers two primary installation methods:

  1. Installer-based deployment (EXE, MSI, PKG, RPM)

  2. Script-based deployment (MDM, RMM, GPO, Intune, SCCM)

Which method should you choose?

Scenario

Recommended Method

Small-scale deployment

Installer-based (EXE, MSI, PKG, RPM)

Large-scale rollout (100+ devices)

Script-based (MDM, RMM, GPO, SCCM, Intune)

Remote installation

Script-based (MDM, RMM)

Multi-OS environment

Combination of both methods

*Mass deployment via script is recommended for large organizations.

Step 2: Downloading Installation Packages & Scripts

Guardz provides pre-configured SentinelOne installation packages along with deployment scripts that work out-of-the-box.

How to Get the Installation Files

  1. Log into Guardz.

  2. Navigate to Security Controls > Endpoint Security > SentinelOne Managed.

  3. Click "Deploy" to enable the SentinelOne integration.

  4. Select the appropriate OS and architecture (Windows, macOS, Linux).

  5. Download the installer package or deployment script.

Step 3: Deploying SentinelOne Using Mass Deployment Scripts

Why Use Deployment Scripts?

Script-based deployment is recommended for MDM, RMM, and remote installation across multiple devices.

Guardz provides pre-built scripts with all necessary variables included.

Deployment best practices:

  • Group devices by OS/Architecture/Version before running mass deployments.

  • Use MDM/RMM tools (Intune, Jamf, SCCM, GPO) for script execution.

  • Ensure devices have the correct permissions applied before deployment (e.g., Full Disk Access for macOS).

Disclaimer: The provided scripts are for guidance only and should be tested in a non-production environment before deployment.

Step 4: Deploying SentinelOne Per OS

Windows Deployment (EXE/MSI or Script)

Option 1: Installer Deployment (EXE/MSI)

  1. Download the MSI package from Guardz.

  2. Open Command Prompt (Admin) and run:

msiexec /i SentinelOneInstaller.msi /qn /norestart

3. Verify the agent installation in Control Panel > Programs.


Option 2: Script Deployment via MDM/RMM

  1. Deploy the Windows script via GPO, Intune, or SCCM.

  2. Ensure Windows Defender policies are properly configured.

  3. Verify that the SentinelOne agent appears in Guardz > Devices.

Windows Deployment Guide

macOS Deployment (PKG or Script)

Option 1: Installer Deployment (PKG)

  1. Download the PKG file from Guardz.

  2. Open Terminal and run:

sudo installer -pkg SentinelOneInstaller.pkg -target /

3. Grant Full Disk Access permissions to SentinelOne.


Option 2: Script Deployment via MDM (Jamf, Intune)

  1. Deploy the macOS script via MDM (Intune, Jamf).

  2. Ensure Full Disk Access and System Extension Approval are enabled.

  3. Confirm the SentinelOne agent is running via:

sudo launchctl list | grep sentinelone

macOS Deployment Guide

Linux Deployment (RPM/DEB or Script)

Option 1: Installer Deployment (RPM/DEB)

  1. Download the Linux package (RPM or DEB).

  2. Open Terminal and install:

sudo dpkg -i SentinelOneInstaller.deb # For Debian-based systems sudo rpm -i SentinelOneInstaller.rpm # For RHEL-based systems

3. Confirm the installation via:

systemctl status sentinelone


Option 2: Script Deployment via SSH or Automation Tool

  1. Deploy the Linux script via Ansible, Puppet, or SSH-based automation.

  2. Ensure the agent registers with Guardz successfully.

Linux Deployment Guide

Step 5: Post-Deployment Configuration

Verify Device Enrollment in Guardz

After installing SentinelOne:

  1. Log into Guardz.

  2. Navigate to Security Controls > Endpoint Security > Devices.

  3. Check that all endpoints report correctly in Guardz.

Adjust SentinelOne Security Policies

  1. Navigate to Security Controls > Endpoint Security > SentinelOne Managed.

  2. Click the edit icon to modify SentinelOne Policy Settings.

  3. If required, override the global policy settings per customer.

Your SentinelOne agents are now fully deployed & managed via Guardz!

Troubleshooting Deployment Issues

Issue: "Installer Failed to Execute"
Fix:

  • Verify the installer matches the OS architecture (32-bit vs. 64-bit).

  • Run the installer as Administrator (Windows) or with sudo (macOS/Linux).

Issue: "SentinelOne Agent Not Appearing in Guardz"
Fix:

  • Ensure the agent is installed correctly on the endpoint.

  • Verify that the correct Site Token was used during installation.

Issue: "macOS Agent Does Not Have Full Disk Access"
Fix:

  • Deploy an MDM profile that grants Full Disk Access to SentinelOne.

Issue: "Linux Agent Not Running After Installation"
Fix:

  • Run:

    systemctl restart sentinelone

  • Verify SentinelOne logs for errors.

Best Practices for SentinelOne Deployment

  • Test deployment in a small group before mass rollout.

  • Use script-based deployment for large-scale installations.

  • Ensure required permissions (e.g., Full Disk Access for macOS) are applied.

  • Monitor Guardz > Devices to ensure proper agent enrollment.

Related Articles
Guardz Device Agent Installation Instructions
SentinelOne Installation - macOS
Deploying SentinelOne with Guardz Ultimate Plan
Installing SentinelOne Windows Agents with Intune
Guardz Agent - Policies & Installation
Did this answer your question?