SentinelOne Agent Installation & Secondary Scan Nov 2022
(For Secondary scanning)
Installation for PC:
Our secondary AV scanner, SentinelOne Agent, can be deployed to our PCs using one of the following methods:
- For Intune/ Co-managed devices, use the AAD group - AAD-Device-CG-SentinelOne-Install. The install should get triggered in 30 mins.
- For SCCM managed/ expedite install, download the SentinelOne .exe installer and save it to C:\temp: SentinelOneInstaller_windows_64bit_v22_1_4_10010.exe
To run the .exe installer, open an elevated cmd prompt and go to c:\temp. Then run the line below to begin the install:
SentinelOneInstaller_windows_64bit_v22_1_4_10010.exe --dont_fail_on_config_preserving_failures -t eyJ1cmwiOiAiaHR0cHM6Ly91c2VhMS0wMTYuc2VudGluZWxvbmUubmV0IiwgInNpdGVfa2V5IjogIjQzYThhZjIyMDA4NGZhMjkifQ==
(P.S. Ensure our site token is included in the command: eyJ1cmwiOiAiaHR0cHM6Ly91c2VhMS0wMTYuc2VudGluZWxvbmUubmV0IiwgInNpdGVfa2V5IjogIjQzYThhZjIyMDA4NGZhMjkifQ== )
Alternatively, to run the installer from PowerShell:
./SentinelOneInstaller_windows_64bit_v22_1_4_10010.exe --dont_fail_on_config_preserving_failures -t eyJ1cmwiOiAiaHR0cHM6Ly91c2VhMS0wMTYuc2VudGluZWxvbmUubmV0IiwgInNpdGVfa2V5IjogIjQzYThhZjIyMDA4NGZhMjkifQ==
Installation for Windows Server:
Download the server installer: SentinelOneInstaller_windows_64bit_v22_1_5_11025.exe
Then, run the installer from an elevated cmd prompt:
SentinelOneInstaller_windows_64bit_v22_1_5_11025.exe --dont_fail_on_config_preserving_failures -t eyJ1cmwiOiAiaHR0cHM6Ly91c2VhMS0wMTYuc2VudGluZWxvbmUubmV0IiwgInNpdGVfa2V5IjogIjA2MTFhYmNhYTFkMTZiZDQifQ==
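A pre-install check for the token passed with -t, added here as an example (it is not part of the original procedure or of SentinelOne's tooling). It assumes the site token is base64-encoded JSON with "url" and "site_key" fields, which is how the tokens on this page decode; Test-SiteToken is a hypothetical helper name and the sample token is constructed with a placeholder site key.

```powershell
# Added example: decode a site token and confirm which console it points to
# before running the installer. Assumption: the token is base64-encoded JSON
# with "url" and "site_key" fields. Test-SiteToken is a hypothetical helper.
function Test-SiteToken {
    param(
        [Parameter(Mandatory)] [string] $Token,
        [Parameter(Mandatory)] [string] $ExpectedConsoleHost
    )

    try {
        # A truncated or mistyped token fails here instead of during install.
        $bytes = [Convert]::FromBase64String($Token.Trim())
        $data  = [Text.Encoding]::UTF8.GetString($bytes) | ConvertFrom-Json
    } catch {
        throw "Token is not valid base64-encoded JSON (truncated or mistyped?)."
    }

    if (-not $data.url -or -not $data.site_key) {
        throw "Token is missing the 'url' or 'site_key' field."
    }

    $uri = $null
    if (-not [Uri]::TryCreate([string]$data.url, [UriKind]::Absolute, [ref] $uri)) {
        throw "Token 'url' field is not an absolute URL: $($data.url)"
    }

    [pscustomobject]@{
        ConsoleHost = $uri.Host
        Https       = ($uri.Scheme -eq 'https')
        HostMatches = ($uri.Host -eq $ExpectedConsoleHost)
        SiteKey     = $data.site_key   # differs between the PC and server tokens
    }
}

# Constructed sample token (placeholder site key, not a real one).
$sampleJson = '{"url": "https://usea1-016.sentinelone.net", "site_key": "0000000000000000"}'
$sample     = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($sampleJson))

$result = Test-SiteToken -Token $sample -ExpectedConsoleHost 'usea1-016.sentinelone.net'
$result | Format-List

if (-not ($result.Https -and $result.HostMatches)) {
    Write-Error "Token does not point at the expected management console. Do not install."
}
```

Replace $sample with the token you are about to use; the SiteKey field shows whether you have picked up the PC token or the Windows Server token.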
Once the install is complete (either through Intune or the standalone .exe), a full scan will occur on the device in the background within the next hour. When instructed by Security, please retrieve the scan report/ resultant log files below from the device and forward them to ITSecurityAdmin@CGF.com.
- C:\ProgramData\Sentinel\logs\*.scan_report.txt (e.g. 133034080899000000.scan_report.txt)
- C:\ProgramData\Sentinel\logs\LastScanReport.log
Uninstallation:
Please email ITSecurityAdmin@cgf.com to request an Agent removal if necessary/ after a full scan is complete. The uninstallation will have to be initiated either through the SentinelOne console or by using a standalone local cleanup tool.
Secondary Scan:
There are two ways to perform a secondary scan: via the SentinelOne console, or locally on the PC in question.
Via SentinelOne console:
Forward your S1 account setup request to ITSecurityAdmin@cgf.com. Once the account is ready, log in to SentinelOne from the link below using the “Login with SSO” option.
SentinelOne - Management Console (https://usea1-016.sentinelone.net/)
Once logged in, navigate to ‘Sentinels’ on the left.
Search for the PC that requires scanning using the filter.
Select the PC in question and initiate a Full Disk Scan using the Actions menu.
Provided that the PC is online, a scan should get initiated in 5 minutes. The scan should complete in about an hour. Please retrieve the scan report/ resultant log files below and forward them to ITSecurityAdmin@CGF.com.
- C:\ProgramData\Sentinel\logs\*.scan_report.txt (e.g. 133034080899000000.scan_report.txt)
- C:\ProgramData\Sentinel\logs\LastScanReport.log
Initiate Scan Locally on PC:
Assuming the S1 agent is properly installed, go to My Computer, right-click C:, then select ‘Scan for Threats’.
Alternatively, you can open an elevated prompt and initiate a scan with these commands:
cd "c:\Program Files\SentinelOne\Sentinel Agent version"
sentinelctl scan_folder -t
In both cases, a progress bar will be presented at the bottom right corner of the desktop while the scan is running. Cancel the scan if it’s causing interruption to the user.
The scan should complete in about an hour. Please retrieve the scan report/ resultant log files below and forward them to ITSecurityAdmin@CGF.com.
- C:\ProgramData\Sentinel\logs\*.scan_report.txt (e.g. 133034080899000000.scan_report.txt)
- C:\ProgramData\Sentinel\logs\LastScanReport.log