SCENARIO
Manual SentinelOne agent installation is used when automated deployment methods (GPO, RMM, SCCM) are unavailable or when installing on standalone workstations, non-domain-joined systems, or servers requiring immediate protection. This method provides direct control over installation parameters and is ideal for troubleshooting deployment issues, testing new agent versions, or deploying to air-gapped environments.
Use this method when:
- Installing on non-domain computers or workgroup systems
- Immediate protection is required before automated deployment completes
- Testing new agent versions before mass deployment
- Troubleshooting GPO/automated deployment failures
- Deploying to DMZ servers or isolated network segments
- Installing on VMs, contractors' laptops, or temporary systems
REQUIREMENTS & ASSUMPTIONS
Prerequisites:
- Local Administrator privileges on target system
- SentinelOne Management Console access (Site Admin or higher)
- Downloaded Windows installer (MSI) from SentinelOne console
- Site token from management console
- Network connectivity to SentinelOne management console (HTTPS/443)
Assumed Environment:
- Target OS: Windows 10/11 (1809+), Windows Server 2016/2019/2022
- Minimum system requirements:
- 2GB RAM (4GB recommended)
- 2GB free disk space
- x64 processor architecture
- No conflicting security software (or prepared to disable/uninstall)
- Internet connectivity (or internal proxy configured)
Required Information:
- SentinelOne Console URL:
https://yourtenant.sentinelone.net - Site Token: 96+ character alphanumeric string from console
- MSI installer file path or download link
PROCESS
Step 1: Download the SentinelOne agent installer
- Log in to the SentinelOne Management Console at
https://yourtenant.sentinelone.net - Navigate to Sentinels → Downloads
- Under Endpoint Agents, select Windows
- Choose the agent version:
- GA (General Availability): Recommended for production
- EA (Early Availability): For testing new features
- Click Download for the appropriate architecture:
SentinelInstaller_windows_64bit_v\<version\>.msi(most common)SentinelInstaller_windows_32bit_v\<version\>.msi(legacy systems only)
- Save to a secure location:
C:\Temp\SentinelOne\
Verify installer integrity:
# Check file hash against console-provided SHA256
$installerPath = "C:\Temp\SentinelOne\SentinelInstaller_windows_64bit_v23.4.2.487.msi"
$computedHash = Get-FileHash -Path $installerPath -Algorithm SHA256
Write-Host "Computed SHA256: $($computedHash.Hash)"
# Compare with hash shown in SentinelOne console Downloads pageStep 2: Obtain the site token
- In the SentinelOne console, navigate to Settings → Sites
- Locate your target site (e.g., "Production", "Corporate Endpoints")
- Click the site name to open details
- Under Site Token, click Show Token
- Click Copy to clipboard
- Store securely in password manager or encrypted notes
Site token format:
- Length: Typically 96-128 characters
- Characters: Alphanumeric (A-Z, a-z, 0-9)
- Example:
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...(truncated)
Important: Site tokens are sensitive credentials. Do not share publicly or commit to version control.
Step 3: Prepare the target system
- Check for conflicting security software:
# List installed security products
Get-WmiObject -Namespace "root\SecurityCenter2" -Class AntiVirusProduct | Select-Object displayName, productState
# Common conflicts: McAfee, Symantec Endpoint Protection, Trend Micro, CrowdStrike
# Note: Windows Defender will be automatically disabled by SentinelOne- Uninstall conflicting EDR/AV products (if required):
# Example: Uninstall McAfee Agent
msiexec /x {product-code-guid} /qn /l*v "C:\Temp\mcafee-uninstall.log"
# Or use vendor-specific removal tools- Verify system requirements:
# Check available disk space
Get-PSDrive C | Select-Object Used, Free, @{Name="FreeGB";Expression={[math]::Round($_.Free/1GB,2)}}
# Check RAM
Get-CimInstance Win32_PhysicalMemory | Measure-Object -Property Capacity -Sum | ForEach-Object {[math]::Round($_.Sum/1GB,2)}
# Check OS version
Get-CimInstance Win32_OperatingSystem | Select-Object Caption, Version, OSArchitecture- Configure proxy settings (if required):
# Check current proxy configuration
netsh winhttp show proxy
# Set proxy (if corporate proxy required for internet access)
netsh winhttp set proxy proxy-server="proxy.domain.local:8080" bypass-list="*.local;\<local\>"
# SentinelOne agent will inherit these system-wide proxy settings- Open firewall for outbound HTTPS (typically already open):
# Verify connectivity to SentinelOne console
Test-NetConnection -ComputerName "yourtenant.sentinelone.net" -Port 443Step 4: Install the SentinelOne agent
Method A: GUI installation (interactive)
- Navigate to the installer location:
C:\Temp\SentinelOne\ - Right-click
SentinelInstaller_windows_64bit_v23.4.2.487.msi - Select Run as administrator
- Click Yes on UAC prompt
- In the installation wizard:
- Click Next on welcome screen
- Accept EULA and click Next
- Site Token field: Paste your site token
- Management Server: Auto-populated (verify correct URL)
- Click Install
- Wait for installation to complete (typically 2-5 minutes)
- Click Finish
- System may prompt for reboot (recommended but not always required)
Method B: Silent installation via command line (recommended)
Open PowerShell as Administrator:
# Basic silent installation with site token
$installerPath = "C:\Temp\SentinelOne\SentinelInstaller_windows_64bit_v23.4.2.487.msi"
$siteToken = "your-site-token-here"
$logPath = "C:\BIN\LOGS-$(Get-Date -Format 'yyyyMMdd')-SentinelOne-Install.log"
# Ensure log directory exists
New-Item -Path "C:\BIN" -ItemType Directory -Force | Out-Null
# Execute installation
Start-Process msiexec.exe -ArgumentList "/i `"$installerPath`" /qn SITE_TOKEN=`"$siteToken`" /l*v `"$logPath`"" -Wait -NoNewWindow
Write-Host "Installation complete. Check log: $logPath"Method C: Advanced installation with additional parameters
# Installation with custom parameters
$installerPath = "C:\Temp\SentinelOne\SentinelInstaller_windows_64bit_v23.4.2.487.msi"
$siteToken = "your-site-token-here"
$logPath = "C:\BIN\LOGS-$(Get-Date -Format 'yyyyMMdd')-SentinelOne-Install.log"
# Build argument list
$arguments = @(
"/i `"$installerPath`""
"/qn" # Quiet mode, no UI
"SITE_TOKEN=`"$siteToken`""
"MSIRESTARTMANAGERCONTROL=Disable" # Prevent automatic service restarts
"/l*v `"$logPath`"" # Verbose logging
)
# Execute installation
$process = Start-Process msiexec.exe -ArgumentList ($arguments -join ' ') -Wait -PassThru -NoNewWindow
# Check exit code
if ($process.ExitCode -eq 0) {
Write-Host "[SUCCESS] SentinelOne agent installed successfully" -ForegroundColor Green
} else {
Write-Host "[ERROR] Installation failed with exit code: $($process.ExitCode)" -ForegroundColor Red
Write-Host "Review log file: $logPath"
}Common MSI exit codes:
0: Success1603: Fatal error during installation (check log for details)1618: Another installation already in progress1622: Error opening installation log file1638: Another version already installed3010: Success, reboot required
Step 5: Monitor installation progress
Real-time log monitoring:
# Watch installation log in real-time
$logPath = "C:\BIN\LOGS-$(Get-Date -Format 'yyyyMMdd')-SentinelOne-Install.log"
Get-Content $logPath -Wait -Tail 20Check for installation events:
# Monitor Windows Event Log for MSI installer events
Get-WinEvent -LogName Application -MaxEvents 20 | Where-Object {$_.ProviderName -eq "MsiInstaller"} | Format-Table TimeCreated, Message -WrapService startup verification:
# Wait for SentinelOne service to start
$maxAttempts = 12 # 60 seconds total
$attempt = 0
do {
$service = Get-Service -Name "SentinelAgent" -ErrorAction SilentlyContinue
if ($service -and $service.Status -eq "Running") {
Write-Host "[SUCCESS] SentinelAgent service is running" -ForegroundColor Green
break
}
Start-Sleep -Seconds 5
$attempt++
Write-Host "Waiting for service startup... ($attempt/$maxAttempts)"
} while ($attempt -lt $maxAttempts)
if ($service.Status -ne "Running") {
Write-Host "[WARNING] Service not running after 60 seconds" -ForegroundColor Yellow
}Step 6: Verify agent registration
Check agent status locally:
# Verify SentinelOne installation
$agentPath = "C:\Program Files\SentinelOne\Sentinel Agent*"
$agentExe = Get-ChildItem $agentPath -Recurse -Filter "SentinelAgent.exe" | Select-Object -First 1
if ($agentExe) {
Write-Host "[INFO] Agent installed at: $($agentExe.DirectoryName)"
Write-Host "[INFO] Agent version: $($agentExe.VersionInfo.FileVersion)"
} else {
Write-Host "[ERROR] Agent executable not found" -ForegroundColor Red
}
# Check registry for configuration
$regPath = "HKLM:\SOFTWARE\SentinelOne\Sentinel Agent"
if (Test-Path $regPath) {
$config = Get-ItemProperty -Path $regPath
Write-Host "[INFO] Management Server: $($config.ManagementServerUrl)"
Write-Host "[INFO] Site ID: $($config.SiteId)"
Write-Host "[INFO] Agent ID: $($config.AgentId)"
} else {
Write-Host "[ERROR] Registry configuration not found" -ForegroundColor Red
}Verify console connectivity:
# Test connection to management console
$consoleUrl = (Get-ItemProperty -Path "HKLM:\SOFTWARE\SentinelOne\Sentinel Agent").ManagementServerUrl
$consoleHost = ([System.Uri]$consoleUrl).Host
$connection = Test-NetConnection -ComputerName $consoleHost -Port 443 -InformationLevel Detailed
if ($connection.TcpTestSucceeded) {
Write-Host "[SUCCESS] Console connectivity verified" -ForegroundColor Green
Write-Host "[INFO] Latency: $($connection.PingReplyDetails.RoundtripTime)ms"
} else {
Write-Host "[ERROR] Cannot reach management console" -ForegroundColor Red
}Step 7: Verify agent in SentinelOne console
- Log in to the SentinelOne Management Console
- Navigate to Sentinels → Agents
- In the search bar, enter the computer name or IP address
- Verify the agent appears with:
- Status: Connected (green icon)
- Last Active: Within last 5 minutes
- Agent Version: Matches installed version
- Site: Correct site assignment
- Policy: Appropriate policy assigned (check details)
- Click on the agent to view detailed information:
- Network interfaces and IP addresses
- Installed applications
- Operating system details
- Threat detection status
Expected timeline:
- Agent appears in console: 30 seconds to 2 minutes after service starts
- Full asset inventory: 5-15 minutes (applications, network info, etc.)
- Initial scan completion: 15-30 minutes
Step 8: Configure agent settings (optional)
Set custom agent tag:
# Agent tags are configured from console, but can reference computer properties
# Example: Tag based on department OU
$ou = (Get-ADComputer $env:COMPUTERNAME).DistinguishedName
Write-Host "Computer OU: $ou"
# Manually add corresponding tag in SentinelOne consoleConfigure logging verbosity (troubleshooting):
# Enable verbose logging (temporarily for troubleshooting)
$regPath = "HKLM:\SOFTWARE\SentinelOne\Sentinel Agent"
Set-ItemProperty -Path $regPath -Name "LogLevel" -Value 5 # 1=Error, 3=Info, 5=Debug
# Restart service to apply
Restart-Service -Name "SentinelAgent" -Force
# View logs
Get-Content "C:\ProgramData\SentinelOne\Logs\Agent.log" -Tail 50Force immediate policy update:
# Trigger policy refresh from console (no local command available)
# Alternative: Restart agent service to pull latest policy
Restart-Service -Name "SentinelAgent" -Force
Start-Sleep -Seconds 10
# Verify policy applied
$agentLog = Get-Content "C:\ProgramData\SentinelOne\Logs\Agent.log" -Tail 100
if ($agentLog -match "Policy.*applied") {
Write-Host "[SUCCESS] Policy applied successfully" -ForegroundColor Green
}VERIFICATION
Comprehensive agent verification script:
function Test-SentinelOneAgent {
Write-Host "`n=== SentinelOne Agent Verification ===" -ForegroundColor Cyan
$checks = @{
ServiceStatus = $false
ProcessRunning = $false
RegistryConfig = $false
ConsoleConnectivity = $false
FileSystemDriver = $false
}
# Check 1: Service status
$service = Get-Service -Name "SentinelAgent" -ErrorAction SilentlyContinue
if ($service -and $service.Status -eq "Running") {
Write-Host "[PASS] SentinelAgent service is running" -ForegroundColor Green
$checks.ServiceStatus = $true
} else {
Write-Host "[FAIL] SentinelAgent service not running" -ForegroundColor Red
}
# Check 2: Process running
$process = Get-Process -Name "SentinelAgent" -ErrorAction SilentlyContinue
if ($process) {
Write-Host "[PASS] SentinelAgent process active (PID: $($process.Id))" -ForegroundColor Green
$checks.ProcessRunning = $true
} else {
Write-Host "[FAIL] SentinelAgent process not found" -ForegroundColor Red
}
# Check 3: Registry configuration
$regPath = "HKLM:\SOFTWARE\SentinelOne\Sentinel Agent"
if (Test-Path $regPath) {
$config = Get-ItemProperty -Path $regPath
Write-Host "[PASS] Registry configuration found" -ForegroundColor Green
Write-Host " - Management Server: $($config.ManagementServerUrl)"
Write-Host " - Site ID: $($config.SiteId)"
Write-Host " - Agent ID: $($config.AgentId)"
$checks.RegistryConfig = $true
} else {
Write-Host "[FAIL] Registry configuration missing" -ForegroundColor Red
}
# Check 4: Console connectivity
try {
$consoleUrl = (Get-ItemProperty -Path $regPath -ErrorAction Stop).ManagementServerUrl
$consoleHost = ([System.Uri]$consoleUrl).Host
$connection = Test-NetConnection -ComputerName $consoleHost -Port 443 -WarningAction SilentlyContinue
if ($connection.TcpTestSucceeded) {
Write-Host "[PASS] Console connectivity verified ($consoleHost)" -ForegroundColor Green
$checks.ConsoleConnectivity = $true
} else {
Write-Host "[FAIL] Cannot reach console ($consoleHost)" -ForegroundColor Red
}
} catch {
Write-Host "[FAIL] Console connectivity check failed" -ForegroundColor Red
}
# Check 5: File system filter driver
$driver = Get-WindowsDriver -Online | Where-Object {$_.OriginalFileName -like "*sentinel*"} | Select-Object -First 1
if ($driver) {
Write-Host "[PASS] File system driver loaded: $($driver.OriginalFileName)" -ForegroundColor Green
$checks.FileSystemDriver = $true
} else {
Write-Host "[WARN] File system driver not detected (may be normal)" -ForegroundColor Yellow
}
# Overall status
$passCount = ($checks.Values | Where-Object {$_ -eq $true}).Count
$totalChecks = $checks.Count
Write-Host "`n=== SUMMARY ===" -ForegroundColor Cyan
Write-Host "Passed: $passCount/$totalChecks checks"
if ($passCount -ge 4) {
Write-Host "[SUCCESS] Agent installation verified" -ForegroundColor Green
return $true
} else {
Write-Host "[FAILURE] Agent installation incomplete" -ForegroundColor Red
return $false
}
}
# Run verification
Test-SentinelOneAgentQuick verification commands:
# One-liner service check
Get-Service -Name "SentinelAgent" | Select-Object Name, Status, StartType
# One-liner version check
(Get-Item "C:\Program Files\SentinelOne\Sentinel Agent*\SentinelAgent.exe").VersionInfo.FileVersion
# One-liner connectivity check
Test-NetConnection -ComputerName (([System.Uri](Get-ItemProperty "HKLM:\SOFTWARE\SentinelOne\Sentinel Agent").ManagementServerUrl).Host) -Port 443TROUBLESHOOTING
Issue: Installation fails with error 1603
Symptoms: MSI installer terminates with generic error code 1603
Solutions:
- Check installation log for specific error:
$logPath = "C:\BIN\LOGS-$(Get-Date -Format 'yyyyMMdd')-SentinelOne-Install.log"
Select-String -Path $logPath -Pattern "error|failed|return value 3" -Context 2,5- Common cause: Insufficient disk space
# Verify at least 2GB free
$freeSpace = (Get-PSDrive C).Free / 1GB
if ($freeSpace -lt 2) {
Write-Host "[ERROR] Insufficient disk space: $([math]::Round($freeSpace, 2))GB free" -ForegroundColor Red
# Clean up temporary files
Remove-Item "C:\Windows\Temp\*" -Recurse -Force -ErrorAction SilentlyContinue
}- Common cause: Conflicting security software
# Identify and remove conflicting AV
$avProducts = Get-WmiObject -Namespace "root\SecurityCenter2" -Class AntiVirusProduct
$avProducts | Select-Object displayName, productState
# If McAfee/Symantec detected, uninstall before retrying- Common cause: Corrupted installer
# Re-download installer and verify hash
$installerPath = "C:\Temp\SentinelOne\SentinelInstaller_windows_64bit_v23.4.2.487.msi"
$expectedHash = "ABC123..." # From console Downloads page
$actualHash = (Get-FileHash -Path $installerPath -Algorithm SHA256).Hash
if ($actualHash -ne $expectedHash) {
Write-Host "[ERROR] Installer hash mismatch - file corrupted" -ForegroundColor Red
Remove-Item $installerPath
# Re-download from console
}Issue: Agent installs but shows "Not Connected" in console
Symptoms: Service running, but agent doesn't appear in console or shows offline
Solutions:
- Verify site token is correct:
# Check configured site token matches console
$configuredSiteId = (Get-ItemProperty -Path "HKLM:\SOFTWARE\SentinelOne\Sentinel Agent").SiteId
Write-Host "Configured Site ID: $configuredSiteId"
# Compare with Site ID in console (Settings → Sites)- Check firewall/proxy blocking HTTPS:
# Test console connectivity with detailed diagnostics
$consoleHost = ([System.Uri](Get-ItemProperty "HKLM:\SOFTWARE\SentinelOne\Sentinel Agent").ManagementServerUrl).Host
Test-NetConnection -ComputerName $consoleHost -Port 443 -InformationLevel Detailed
# If proxy required, configure:
netsh winhttp set proxy proxy-server="proxy.domain.local:8080"
# Restart agent after proxy configuration
Restart-Service -Name "SentinelAgent" -Force- Review agent log for connection errors:
# Check agent log for connectivity issues
$logPath = "C:\ProgramData\SentinelOne\Logs\Agent.log"
Select-String -Path $logPath -Pattern "connection|failed|error" -Context 0,3 | Select-Object -Last 20- Force agent re-registration:
# Restart service to trigger re-registration
Restart-Service -Name "SentinelAgent" -Force
# Wait 60 seconds and check console
Start-Sleep -Seconds 60
Write-Host "Check console for agent status now"Issue: Installation completes but service won't start
Symptoms: MSI reports success but SentinelAgent service fails to start
Solutions:
- Check service startup error:
# View service details
Get-Service -Name "SentinelAgent" | Format-List *
# Check Event Log for service startup errors
Get-WinEvent -LogName System -MaxEvents 50 | Where-Object {$_.ProviderName -eq "Service Control Manager" -and $_.Message -like "*SentinelAgent*"}- Verify driver loaded:
# Check if SentinelOne driver is loaded
fltmc filters | Select-String "Sentinel"
# If driver not loaded, check for driver signing issues
Get-WindowsDriver -Online | Where-Object {$_.OriginalFileName -like "*sentinel*"}- Attempt manual service start with error details:
# Try starting service with verbose error
sc start SentinelAgent
# Check service dependencies
sc qc SentinelAgent- Reinstall with verbose logging:
# Uninstall
$productCode = (Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -like "*SentinelOne*"}).IdentifyingNumber
msiexec /x $productCode /qn /l*v "C:\Temp\sentinel-uninstall.log"
# Reboot
Restart-Computer -Force
# Reinstall after reboot
msiexec /i "C:\Temp\SentinelOne\SentinelInstaller_windows_64bit_v23.4.2.487.msi" /qn SITE_TOKEN="your-token" /l*v "C:\Temp\sentinel-reinstall.log"Issue: Installation hangs or takes extremely long
Symptoms: MSI installer runs for 30+ minutes without completing
Solutions:
- Check for hung Windows Installer service:
# Kill hung msiexec processes
Get-Process msiexec | Stop-Process -Force
# Restart Windows Installer service
Restart-Service -Name "msiserver" -Force- Verify no other installations in progress:
# Check for other MSI installations
Get-Process msiexec
Get-WmiObject Win32_Product | Where-Object {$_.InstallState -eq 5} # 5 = installing- Disable antivirus temporarily:
# Disable Windows Defender real-time protection temporarily
Set-MpPreference -DisableRealtimeMonitoring $true
# Retry installation
# Re-enable after installation
Set-MpPreference -DisableRealtimeMonitoring $falseIssue: Agent installed but wrong site assignment
Symptoms: Agent appears in console but under incorrect site
Solutions:
- Uninstall and reinstall with correct site token:
# Uninstall current agent
$productCode = (Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -like "*SentinelOne*"}).IdentifyingNumber
msiexec /x $productCode /qn
# Wait for uninstall to complete
Start-Sleep -Seconds 30
# Reinstall with correct site token
$correctSiteToken = "your-correct-site-token-here"
msiexec /i "C:\Temp\SentinelOne\SentinelInstaller_windows_64bit_v23.4.2.487.msi" /qn SITE_TOKEN="$correctSiteToken" /l*v "C:\Temp\sentinel-correct-site-install.log"- Or move agent to correct site from console:
- In console, navigate to Sentinels → Agents
- Select the agent
- Click Actions → Move to Site
- Select correct site and confirm
COMMANDS/SCRIPTS
Complete manual installation script with error handling:
<#
.SYNOPSIS
Manually installs SentinelOne agent with comprehensive error handling
.DESCRIPTION
Performs pre-installation checks, installs SentinelOne agent, and verifies successful deployment
.PARAMETER InstallerPath
Full path to SentinelOne MSI installer
.PARAMETER SiteToken
Site token from SentinelOne console
.PARAMETER LogPath
Path for installation log file (optional)
.EXAMPLE
.\Install-SentinelOneAgent.ps1 -InstallerPath "C:\Temp\SentinelInstaller.msi" -SiteToken "eyJhbGc..."
#>
param(
[Parameter(Mandatory=$true)]
[ValidateScript({Test-Path $_ -PathType Leaf})]
[string]$InstallerPath,
[Parameter(Mandatory=$true)]
[ValidateLength(96,256)]
[string]$SiteToken,
[Parameter(Mandatory=$false)]
[string]$LogPath = "C:\BIN\LOGS-$(Get-Date -Format 'yyyyMMdd')-SentinelOne-Install.log"
)
# Ensure running as administrator
if (-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
Write-Error "This script must be run as Administrator"
exit 1
}
Write-Host "=== SentinelOne Agent Installation ===" -ForegroundColor Cyan
# Pre-installation checks
Write-Host "`n[1/6] Performing pre-installation checks..." -ForegroundColor Yellow
# Check disk space
$freeSpaceGB = (Get-PSDrive C).Free / 1GB
if ($freeSpaceGB -lt 2) {
Write-Error "Insufficient disk space: $([math]::Round($freeSpaceGB, 2))GB free (minimum 2GB required)"
exit 1
}
Write-Host "[PASS] Disk space: $([math]::Round($freeSpaceGB, 2))GB free" -ForegroundColor Green
# Check OS version
$os = Get-CimInstance Win32_OperatingSystem
if ([version]$os.Version -lt [version]"10.0") {
Write-Error "Unsupported OS version: $($os.Caption) $($os.Version)"
exit 1
}
Write-Host "[PASS] OS compatible: $($os.Caption)" -ForegroundColor Green
# Check for existing installation
Write-Host "`n[2/6] Checking for existing SentinelOne installation..." -ForegroundColor Yellow
$existingAgent = Get-Service -Name "SentinelAgent" -ErrorAction SilentlyContinue
if ($existingAgent) {
Write-Host "[WARN] SentinelOne agent already installed" -ForegroundColor Yellow
$response = Read-Host "Uninstall existing agent? (Y/N)"
if ($response -eq 'Y') {
Write-Host "Uninstalling existing agent..." -ForegroundColor Yellow
$productCode = (Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -like "*SentinelOne*"}).IdentifyingNumber
Start-Process msiexec.exe -ArgumentList "/x $productCode /qn /l*v `"C:\Temp\sentinel-uninstall.log`"" -Wait -NoNewWindow
Start-Sleep -Seconds 10
Write-Host "[SUCCESS] Existing agent uninstalled" -ForegroundColor Green
} else {
Write-Host "Installation cancelled by user" -ForegroundColor Yellow
exit 0
}
}
# Check for conflicting security software
Write-Host "`n[3/6] Checking for conflicting security software..." -ForegroundColor Yellow
$avProducts = Get-WmiObject -Namespace "root\SecurityCenter2" -Class AntiVirusProduct -ErrorAction SilentlyContinue
if ($avProducts) {
$conflictingProducts = $avProducts | Where-Object {$_.displayName -notmatch "Windows Defender|SentinelOne"}
if ($conflictingProducts) {
Write-Host "[WARN] Conflicting security products detected:" -ForegroundColor Yellow
$conflictingProducts | ForEach-Object { Write-Host " - $($_.displayName)" }
Write-Host "Consider uninstalling these products before proceeding"
$response = Read-Host "Continue anyway? (Y/N)"
if ($response -ne 'Y') {
Write-Host "Installation cancelled by user" -ForegroundColor Yellow
exit 0
}
}
}
# Test console connectivity
Write-Host "`n[4/6] Testing connectivity to SentinelOne console..." -ForegroundColor Yellow
# Note: Cannot test console URL without existing installation, skip for new installs
Write-Host "[INFO] Console connectivity will be verified post-installation" -ForegroundColor Cyan
# Install agent
Write-Host "`n[5/6] Installing SentinelOne agent..." -ForegroundColor Yellow
# Ensure log directory exists
$logDirectory = Split-Path -Path $LogPath -Parent
if (!(Test-Path $logDirectory)) {
New-Item -Path $logDirectory -ItemType Directory -Force | Out-Null
}
# Build installation arguments
$arguments = @(
"/i `"$InstallerPath`""
"/qn"
"SITE_TOKEN=`"$SiteToken`""
"MSIRESTARTMANAGERCONTROL=Disable"
"/l*v `"$LogPath`""
)
# Execute installation
$process = Start-Process msiexec.exe -ArgumentList ($arguments -join ' ') -Wait -PassThru -NoNewWindow
# Check exit code
if ($process.ExitCode -eq 0) {
Write-Host "[SUCCESS] Installation completed successfully" -ForegroundColor Green
} elseif ($process.ExitCode -eq 3010) {
Write-Host "[SUCCESS] Installation completed - reboot required" -ForegroundColor Yellow
} else {
Write-Error "Installation failed with exit code: $($process.ExitCode)"
Write-Host "Review log file: $LogPath"
exit $process.ExitCode
}
# Wait for service to start
Write-Host "`n[6/6] Verifying agent service..." -ForegroundColor Yellow
$maxAttempts = 24 # 2 minutes
$attempt = 0
do {
$service = Get-Service -Name "SentinelAgent" -ErrorAction SilentlyContinue
if ($service -and $service.Status -eq "Running") {
Write-Host "[SUCCESS] SentinelAgent service is running" -ForegroundColor Green
break
}
Start-Sleep -Seconds 5
$attempt++
Write-Host "Waiting for service startup... ($attempt/$maxAttempts)" -ForegroundColor Cyan
} while ($attempt -lt $maxAttempts)
if (!$service -or $service.Status -ne "Running") {
Write-Error "Service failed to start within 2 minutes"
Write-Host "Check Windows Event Log and: $LogPath"
exit 1
}
# Final verification
Write-Host "`n=== Installation Summary ===" -ForegroundColor Cyan
$agentExe = Get-ChildItem "C:\Program Files\SentinelOne" -Recurse -Filter "SentinelAgent.exe" -ErrorAction SilentlyContinue | Select-Object -First 1
if ($agentExe) {
Write-Host "Agent Version: $($agentExe.VersionInfo.FileVersion)" -ForegroundColor Green
}
$regConfig = Get-ItemProperty -Path "HKLM:\SOFTWARE\SentinelOne\Sentinel Agent" -ErrorAction SilentlyContinue
if ($regConfig) {
Write-Host "Management Server: $($regConfig.ManagementServerUrl)" -ForegroundColor Green
Write-Host "Site ID: $($regConfig.SiteId)" -ForegroundColor Green
Write-Host "Agent ID: $($regConfig.AgentId)" -ForegroundColor Green
}
Write-Host "`n[SUCCESS] SentinelOne agent installed successfully" -ForegroundColor Green
Write-Host "Agent should appear in console within 2-5 minutes" -ForegroundColor Cyan
Write-Host "Log file: $LogPath" -ForegroundColor Cyan
exit 0Batch installation script for multiple computers:
# Install SentinelOne on multiple remote computers
$computers = @("WKS-001", "WKS-002", "WKS-003")
$installerPath = "\\fileserver\SentinelOne\SentinelInstaller_windows_64bit_v23.4.2.487.msi"
$siteToken = "your-site-token-here"
$results = foreach ($computer in $computers) {
Write-Host "`nInstalling on $computer..." -ForegroundColor Cyan
try {
# Copy installer to remote computer
$remotePath = "\\$computer\C$\Temp\SentinelInstaller.msi"
Copy-Item -Path $installerPath -Destination $remotePath -Force
# Execute remote installation
$result = Invoke-Command -ComputerName $computer -ScriptBlock {
param($token)
$process = Start-Process msiexec.exe -ArgumentList "/i C:\Temp\SentinelInstaller.msi /qn SITE_TOKEN=`"$token`" /l*v C:\Temp\sentinel-install.log" -Wait -PassThru -NoNewWindow
# Wait for service
$maxAttempts = 24
$attempt = 0
do {
$service = Get-Service -Name "SentinelAgent" -ErrorAction SilentlyContinue
if ($service -and $service.Status -eq "Running") {
return @{
ExitCode = $process.ExitCode
ServiceStatus = "Running"
}
}
Start-Sleep -Seconds 5
$attempt++
} while ($attempt -lt $maxAttempts)
return @{
ExitCode = $process.ExitCode
ServiceStatus = "Not Running"
}
} -ArgumentList $siteToken
[PSCustomObject]@{
ComputerName = $computer
Status = if ($result.ServiceStatus -eq "Running") { "Success" } else { "Failed" }
ExitCode = $result.ExitCode
ServiceStatus = $result.ServiceStatus
}
}
catch {
[PSCustomObject]@{
ComputerName = $computer
Status = "Error"
ExitCode = -1
ServiceStatus = "N/A"
Error = $_.Exception.Message
}
}
}
# Display results
$results | Format-Table -AutoSize
# Export results
$results | Export-Csv -Path "C:\Temp\SentinelOne-Batch-Install-$(Get-Date -Format 'yyyyMMdd-HHmmss').csv" -NoTypeInformation
Write-Host "`nInstallation complete on $($results.Count) computers"
Write-Host "Successful: $(($results | Where-Object {$_.Status -eq 'Success'}).Count)"
Write-Host "Failed: $(($results | Where-Object {$_.Status -ne 'Success'}).Count)"