Skip to main content

SentinelOne Agent - Policies & Installation

Updated yesterday

Agent Policies Configuration

  • Policies are handled via the ‘Endpoint Security’ section (‘Security Controls' tab)

  • Admins can configure agent's tracking behavior by modifying the policies

  • Policies should be configured at the global level, from which they will be automatically inherited by all customers

  • It is also possible to override the global policies at the individual customer level, if tenant-specific configurations are required

  • Admins can define exclusions to prevent false positives detections:

    • Go to the ‘SentinelOne Exclusion’ section and click on the ‘Plus’ button

    • Add file paths, processes, or extensions to exclude

    • Please note: exclusions can be defined globally or per customer

  • It is highly recommended to define these policies prior to agent deployment to ensure consistent behavior across all environments


SentinelOne Agent Installation Instructions

Follow this article for complete installation guidelines

Follow this article in case you wish to migrate existing licenses


Uninstallation Process for SentinelOne Agents

1. Automatic Procedure - Single Device:

Admins can initiate an automatic uninstallation process for SentinelOne agents directly from the dashboard:

  1. Go to the ‘Devices’ tab

  2. Verify the view is filtered as ‘Agent Status’ equals ‘Active’

Devices with One Agent Installed (SentinelOne Agent):

  1. Locate the relevant device and click on the ‘Uninstall Agent’ button

  2. Approve the uninstall request by clicking on the ‘Uninstall’ button

  • Once the uninstall process is triggered, the device moves to the 'Pending Uninstall' status

  • Once the uninstall process is complete, the agent is deleted and the device is removed from the list

Devices with Two Agents Installed (both Guardz and SentinelOne)

  1. Locate the relevant device and click on the ‘Uninstall Agent’ button

  2. Select the relevant agent

  3. Approve the uninstall request by clicking on the ‘Uninstall’ button

  • During the uninstall process, the device will be visible under both the ‘Active’ and the ‘Pending Uninstall’ statuses (as it had 2 agents)

  • Once the process is complete, the device will remain under ‘Active’ status, reflecting only the agent that remains installed

Each action such as 'Uninstall requested' or 'Uninstall finished' will be recorded in the Audit Log, visible in the right side of drawer.

2. Automatic Procedure - all Devices:

Admins can initiate an automatic uninstallation process for all SentinelOne agents of a specific customer:

  1. Select the relevant customer

  2. Go to the ‘Security Controls’ tab and open the ‘Endpoint Security’ section

  3. Click on the ‘Deploy’ button and scroll down

  4. Click on the ‘Uninstall agent from all devices’ option

  5. Click on ‘Uninstall’ to approve the request

Did this answer your question?