Deploying SentinelOne via Guardz: Best Practices & Installation Guide

Deploying SentinelOne through Guardz is slightly different from deploying it directly from the SentinelOne Console. Guardz simplifies the process by providing:

  • Pre-configured installation packages for different OS types

  • Deployment scripts for mass rollout via MDM/RMM tools

  • Guidance on installation & troubleshooting per OS

Prior to deployment, ensure you select the appropriate package and installation method according to your environment and business requirements.


Phase 1: Enabling the Feature

Step 1: Activate SentinelOne via Endpoint Security

  • Log into Guardz

  • Select the relevant customer

  • Navigate to Security Controls > Endpoint Security

  • If required, click "Get Started" to enable the SentinelOne Security Control

Step 2: Select & Enable SentinelOne Managed Deployment

  • Under SentinelOne, click "Select" for the Managed SentinelOne option

  • Click "Continue" to provision the SentinelOne account

Please note:

  • A customer cannot use both Managed-S1 and BYO-S1 at the same time

  • It is possible to mix and match SentinelOne deployment types across different customers


Phase 2: Preparations for SentinelOne Agents Deployment

Step 1: Select the Most Appropriate Installation Method

SentinelOne offers two primary installation methods:

  1. Installer-based deployment (EXE, MSI, PKG, RPM)

  2. Script-based deployment (MDM, RMM, GPO, Intune, SCCM)

  • Guardz provides pre-configured SentinelOne installation packages along with deployment scripts that work out-of-the-box.

  • Script-based deployment is recommended for MDM, RMM, and remote installation across multiple devices. The provided scripts are pre-built with all necessary variables included.

  • The provided scripts are for guidance only and should be tested in a non-production environment before deployment.

Deployment best practices:

  1. Group devices by OS/Architecture/Version before running mass deployments.

  2. Use MDM/RMM tools (Intune, Jamf, SCCM, GPO) for script execution.

  3. Ensure devices have the correct permissions applied before deployment (e.g., Full Disk Access for macOS).

Which method should you choose?

Scenario: Recommended method

  • Small-scale deployment: Installer-based (EXE, MSI, PKG, RPM)

  • Large-scale rollout (100+ devices): Script-based (MDM, RMM, GPO, SCCM, Intune)

  • Remote installation: Script-based (MDM, RMM)

  • Multi-OS environment: Combination of both methods

Step 2: Download the Installation Packages / Scripts

  1. Log into Guardz

  2. Select a specific customer

  3. Navigate to Security Controls > Endpoint Security > SentinelOne Managed

  4. Click on 'Deploy'

  5. Select the appropriate OS and architecture (Windows, macOS, Linux)

  6. Download the installer package or deployment script

Step 3: Retrieve the Site Token

Every SentinelOne Managed Agent deployment must be linked to the correct customer by using the appropriate Site Token. The token can be retrieved as follows:

  1. Select a specific customer

  2. Navigate to Security Controls > Endpoint Security > SentinelOne Managed

  3. Click on 'Deploy'

  4. Click on 'Review Site Token'


Phase 3: Deploying the Agents

Windows Deployment

Option 1: Installer Deployment (EXE/MSI)

  1. Verify the MSI package is successfully downloaded

  2. Open Command Prompt (Admin) and run:

    msiexec /i SentinelOneInstaller.msi /qn /norestart

  3. Verify the agent installation in Control Panel > Programs

Option 2: Script Deployment via MDM/RMM

  1. Deploy the Windows script via GPO, Intune, or SCCM

  2. Ensure Windows Defender policies are properly configured

  3. Verify that the SentinelOne agent appears in Guardz > Devices

For further instructions refer to the Windows Deployment Guide

macOS Deployment

Option 1: Installer Deployment (PKG)

  1. Verify the PKG file is successfully downloaded

  2. Open Terminal and run:

    sudo installer -pkg SentinelOneInstaller.pkg -target /

  3. Grant Full Disk Access permissions to SentinelOne

Option 2: Script Deployment via MDM (Jamf, Intune)

  1. Deploy the macOS script via MDM (Intune, Jamf)

  2. Ensure Full Disk Access and System Extension Approval are enabled

  3. Confirm the SentinelOne agent is running via:

    sudo launchctl list | grep sentinelone

For further instructions refer to the macOS Deployment Guide

Linux Deployment

Option 1: Installer Deployment (RPM/DEB)

  1. Verify the Linux package (RPM or DEB) is successfully downloaded

  2. Open Terminal and install:

    sudo dpkg -i SentinelOneInstaller.deb   # For Debian-based systems
    sudo rpm -i SentinelOneInstaller.rpm    # For RHEL-based systems

  3. Confirm the installation via:

    systemctl status sentinelone

Option 2: Script Deployment via SSH or Automation Tool

  1. Deploy the Linux script via Ansible, Puppet, or SSH-based automation.

  2. Ensure the agent registers with Guardz successfully

For further instructions refer to the Linux Deployment Guide
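
A pre-flight wrapper around the two Linux install commands above, as an added example (not a Guardz or SentinelOne script): it picks the package format from /etc/os-release, compares the architecture recorded in the package with the host before installing, then checks the service. The function names and the two-architecture mapping are assumptions; the package file names and the sentinelone unit name are the ones used on this page.

```shell
# Added example: pre-flight checks around the Linux install commands on this page.
# Function names are hypothetical. Usage: install_agent /path/to/download/dir

# Read one field (ID, ID_LIKE) from an os-release file without sourcing it.
os_field() { sed -n "s/^$1=//p" "$2" | tr -d '"' | head -n 1; }

# Print "deb" or "rpm" for the distro described by an os-release file.
pkg_family() {
    osr="${1:-/etc/os-release}"
    [ -r "$osr" ] || return 2
    ids=" $(os_field ID "$osr") $(os_field ID_LIKE "$osr") "
    case "$ids" in
        *" debian "*|*" ubuntu "*) echo deb ;;
        *" rhel "*|*" fedora "*|*" centos "*) echo rpm ;;
        *) return 1 ;;
    esac
}

# Name each package format uses for a `uname -m` value ($2 defaults to this host).
pkg_arch_name() {
    m="${2:-$(uname -m)}"
    case "$1:$m" in
        deb:x86_64) echo amd64 ;;
        deb:aarch64) echo arm64 ;;
        rpm:x86_64|rpm:aarch64) echo "$m" ;;
        *) return 1 ;;   # assumption: only these two architectures are mapped
    esac
}

# Architecture recorded inside the package file itself.
declared_arch() {
    case "$1" in
        deb) dpkg-deb -f "$2" Architecture ;;
        rpm) rpm -qp --queryformat '%{ARCH}' "$2" ;;
    esac
}

install_agent() {
    fam=$(pkg_family) || { echo "unsupported distro" >&2; return 1; }
    pkg="$1/SentinelOneInstaller.$fam"
    want=$(pkg_arch_name "$fam") || { echo "unsupported architecture" >&2; return 1; }
    have=$(declared_arch "$fam" "$pkg") || { echo "cannot read $pkg" >&2; return 1; }
    [ "$have" = "$want" ] || { echo "arch mismatch: package=$have host=$want" >&2; return 1; }
    case "$fam" in
        deb) sudo dpkg -i "$pkg" ;;
        rpm) sudo rpm -i "$pkg" ;;
    esac || return 1
    systemctl is-active --quiet sentinelone   # non-zero exit: agent not running
}
```

A non-zero return from install_agent gives the automation tool a failure to report per host, instead of a device that never appears in Guardz.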


Phase 4: Post-Deployment Configuration

Step 1: Verify Device Enrollment in Guardz

  1. Navigate to Security Controls > Endpoint Security > Devices

  2. Check that all endpoints report correctly in Guardz

Step 2: Adjust SentinelOne Security Policies

  1. Navigate to Security Controls > Endpoint Security > SentinelOne Managed

  2. Click the edit icon to modify SentinelOne Policy Settings

  3. If required, override the global policy settings per customer


Troubleshooting Deployment Issues

Issue: "Installer Failed to Execute"
Fix:

  • Verify the installer matches the OS architecture (32-bit vs. 64-bit).

  • Run the installer as Administrator (Windows) or with sudo (macOS/Linux).

Issue: "SentinelOne Agent Not Appearing in Guardz"
Fix:

  • Ensure the agent is installed correctly on the endpoint.

  • Verify that the correct Site Token was used during installation.

Issue: "macOS Agent Does Not Have Full Disk Access"
Fix:

  • Deploy an MDM profile that grants Full Disk Access to SentinelOne.

Issue: "Linux Agent Not Running After Installation"
Fix:

  • Run:

    systemctl restart sentinelone

  • Verify SentinelOne logs for errors.

Issue: "Managed SentinelOne is not provisioning."
Fix:

  • Ensure your Guardz account is enabled for the Ultimate Plan.

  • Retry provisioning after a few minutes.

Issue: "SentinelOne installer fails to deploy."
Fix:

  • Verify the correct Site Token is being used.

  • Ensure the endpoint has internet access during installation.

Issue: "Devices not appearing in Guardz."
Fix:

  • Confirm that the SentinelOne agent is successfully installed on the device.

  • Check if the correct SentinelOne site is linked to the Guardz customer.

Issue: "Threats detected in SentinelOne are not showing in Guardz Detection & Response."
Fix:

  • Verify that the SentinelOne Security Control is active in Guardz.

  • Check if the SentinelOne API connection is functioning properly.

Issue: When deploying SentinelOne on a device that already has a previous installation, you may encounter issues if the old agent was not properly uninstalled.
Fix:

  • Course A – Customer has access
    If the customer still has their passphrase or console access, they can uninstall or migrate the agent directly. Fastest and easiest option.

  • Course B – Customer has no access
    If there’s no passphrase or console access, the customer must first regain one of them before uninstalling.

  • Course C – Force uninstall
    If access can’t be restored, boot into Safe Mode and use the SentinelOneInstaller EXE to remove the agent.
