Skip to main content

SentinelOne Deployment (macOS)

Description

SentinelOne is a cybersecurity company that specializes in endpoint security and threat intelligence. They provide a platform for autonomous endpoint protection that uses AI and machine learning to prevent, detect, and respond to a wide range of security threats, including malware, ransomware, and other cyberattacks.

This recipe will guide on how to setup and deploy to your macOS devices.

Ingredients

Directions

CreatingEditing the Installation Fileset:

  1. Download and uploadimport the SentinelOne profilesFileset tointo FileWave Central
  2. Create(we'll ahandle newthe EmptyProfiles Filesetlater)
  3. In thea Fileset,text editor, create a new folder under /usr/local/etc/FileWaveInstallers/ called SentinelOne and drop the PKG in.
  4. Create a plain text file,file named com.sentinelone.registration-token,token andthat copycontains only your Site/Group Token

    Screenshot 2025-01-15 at 11.22.14 AM.png


  5. ImportOpen the imported Fileset and replace the files under /usr/local/etc/FileWaveInstallers/SentinelOne with your registration token file into the sameand SentinelOne folder as the PKGPKG.

    Make sure the token file ownership is set to root:staff. You can change the ownership by selecting the file > Get Info > Ownership

  6. The "com.sentinelone.registration-token" plaintext file must also be extension-less in the fileset and will not work if the file has a .txt extension at the end of the file name.  If your filename ends in a ".txt" this can be removed/edited by right-clicking on the file in the fileset > "Rename".


    Before:After:

    Screenshot 2025-01-15 at 11.50.34 AM.pngScreenshot 2025-04-09 at 3.15.42 PM.png

    Screenshot 2025-04-09 at 3.19.27 PM.png


    Now we need to createedit athe install script so it points to install SentinelOne, using the tokenuploaded to register.installer.

  7. In Admin, select the SentinelOne Fileset and then select 'Scripts' in the toolbartoolbar.
  8. CreateEdit a newthe Activation Script,Script and paste the following.'Instal_SentinelOne.sh'. You will need to change the name of the PKG to what you have uploaded. Click OK to save. 
    sudo
    /usr/sbin/installer-pkg/usr/local/etc/FileWaveInstallers/SentinelOne/SentinelAgent_XXXX.pkg theInstallScript

    You're
    all set with the Installer!
    Before: After: -targetYour /installer's

    Video:name will be different

    CreatingScreenshot 2025-04-09 at 3.22.03 PM.png Screenshot 2025-04-09 at 3.22.31 PM.png
    Now we need to import the Profiles.four Profiles to allow the installer the access and permissions it needs

  9. Import the Profiles that were downloaded with the Fileset. To do so, just drag and drop the Profiles into FileWave Central. 


  10. Video: 

Importing Profiles

Profile Metadata shown below

  1. Download the profiles attached to this article: SentinelOne_Profiles.zip
  2. Unzip the download and import the profiles
    Video: Importing Profiles

 


Now deploy
We're all set! Now create a Deployment with the Fileset and four Profiles.
The Fileset contains a script that will only allow the Installation once all four Profiles have been installed. It is normal to see a Fileset failure the first andtry. then the Installer. SentinelOneIt will installkeep withtrying alluntil permissionsprofiles necessary.have installed. 


The check_profile script logs each attempt and why it either failed or succeeded. You can see this log by right-clicking on the script in Client Info>Fileset Status. Select the Fileset in the list and the script status will show on the right. Right-click to see script output.Screenshot 2025-04-09 at 3.30.03 PM.png
Screenshot 2025-04-09 at 3.34.09 PM.png

Profile Metadata

Service Management Profile

Service Management Profile

SentinelOne_ServiceManagementProfile.png

Privacy Control Configuration Profile

TCC Profile

SentinelOne_TCCProfile01.pngSentinelOne_TCCProfile02.png

Network System Extension Profile

Team Identifier: 4AYE5J54KN

Allowed System Extensions: com.sentinelone.network-monitoring

System Extension Profile

SentinelOne_SystemExtensionProfile.png

Web Content Filter Profile

Network Filter Profile

SentinelOne_WebContentFilterProfile.png