Quick Comparison
Action / Capability | Guardz | SentinelOne Console |
Deploy agents (Windows / macOS / Linux) | Yes | Yes |
Deploy via MDM (Intune / Jamf / GPO) | Yes | Yes |
View endpoint health & status | Yes | Yes |
Kill — stop threat processes | Yes | Yes |
Quarantine — isolate threat files | Yes | Yes |
Remediate — delete threat files & system changes | Yes | Yes |
Rollback — restore via VSS snapshot (Windows only) | Yes | Yes |
Network-isolate (disconnect) a device | Yes | Yes |
Add threat hash to Blocklist | Yes | Yes |
Mark threat as False Positive / True Positive | Yes | Yes |
Assign and manage agent policies | Yes | Yes |
Global path exclusions | Yes | Yes |
Create / manage device groups & sites | Limited | Yes |
Associate S1 endpoints to Guardz users (auto + manual) | Yes | — |
Automatic remediation flows | Yes | — |
Security score per user and device | Yes | — |
Per-device or per-group exclusions | — | Yes |
Advanced exclusion modes (hash, cert, browser, path) | — | Yes |
Transition agents between sites | — | Yes |
Console service user & role management | — | Yes |
VDI / golden image configuration | — | Yes |
SentinelOne API token management | — | Yes |
Deep Visibility threat hunting queries | — | Complete tier |
Remote Shell access to endpoints | — | Complete tier |
Forensic storyline analysis | — | Complete tier |
Custom automated detection rules (STAR) | — | Complete tier |
Rogue device & network attack surface (Ranger) | — | Complete tier |
What You Can Do in Guardz
All of these SentinelOne management actions are available directly within the Guardz platform — no need to switch tools.
Deployment & Installation
✓ Install SentinelOne agents (Windows, macOS, Linux) via Guardz
✓ Deploy agents via Intune, GPO, or Jamf through Guardz
✓ Download agent installers for manual deployment
✓ Uninstall agents via Guardz interface
✓ Configure agent installation policies
✓ Manage Bring Your Own (BYO) S1 integration
✓ Migrate between Managed and BYO licensing
Endpoint Visibility & User Management
✓ View all endpoints and their security status
✓ Auto-associate SentinelOne endpoints to Guardz users
✓ See device health, agent version, and OS details
✓ View endpoint security score per device and per user
✓ Correlate endpoint threats with user identity
Threat Detection & Response
✓ View and triage active threats and detections
✓ Kill — stop all processes related to a threat
✓ Quarantine — move threat files to a confined, encrypted path
✓ Remediate — delete all files & system changes made by a threat
✓ Rollback — restore endpoint via VSS snapshot (Windows, ransomware recovery)
✓ Network isolate / disconnect a device from the network
✓ Add a threat hash to the Blocklist (auto-block on future detections)
✓ Add a threat to Exclusions directly from an alert
✓ Mark threat as False Positive or True Positive
✓ Trigger automatic remediation flows
Policies & Exclusions
✓ Assign and manage agent policies to devices
✓ Add path exclusions via Guardz (global scope)
✓ View active exclusions per customer
What Requires the SentinelOne Console
These capabilities are only available by accessing the SentinelOne console directly.
Advanced Group Management
Required for multi-site or segmented deployments
→ Create and manage custom device groups and sites
→ Assign devices to specific groups or sites
→ Transition agents between sites
→ Define group-level policies with granular overrides
Advanced Exclusions
Global exclusions can be managed in Guardz; per-device/group exclusions require the console
→ Create exclusions scoped to a single device or group
→ Configure advanced path exclusion modes
→ Define certificate-based and hash-based exclusions
→ Manage exclusions for browser content and file types
SentinelOne Complete Features (Advanced EDR)
Available on SentinelOne Complete tier only
→ Deep Visibility threat hunting queries
→ Remote Shell access to endpoints
→ Full forensic timeline and storyline analysis
→ Custom STAR (Automated Detection Rules) creation
→ Rogue device discovery
→ Ranger network attack surface mapping
Console Administration
→ Manage SentinelOne console service users and roles
→ Configure notification and reporting preferences
→ Access SentinelOne API tokens for integrations
→ Review console-level audit logs
→ Configure 2FA enforcement for console users
VDI / VM Advanced Configuration
→ Configure golden image / persistent VDI settings
→ Manage non-persistent VDI device lifecycle
→ Apply VM-specific policy overrides