Learn how to deploy the SentinelOne S1 agent (v4.4+) to your macOS devices as a Custom App
This version will use a System Extension instead of a KEXT approval. The combined profile is compatible with macOS 10.15+.
Setup Requirements in Kandji to Deploy S1:
SentinelOne Custom Profile - Download Here
Custom App Library Item
Add the SentinelOne Custom Profile:
Click Library on the left-hand navigation bar.
Click Add New in the upper right-hand corner.
Click Custom Profile, then Add & Configure +.
Configure the Custom Profile
Assign a name to the Custom Profile Library Item.
Assign a Blueprint or multiple blueprints.
- Set "Device Families" to Mac.
Upload the Sentinel-One-Combined-Profile.mobileconfig profile.
Add SentinelOne as a Custom App:
Click Library on the left-hand navigation bar.
Click Add New in the upper right-hand corner.
Click Custom App from the Add New window.
Configure the Custom App:
Give your custom app a Name.
Assign your custom app to a test Blueprint.
Select Audit and Enforce as the execution frequency.
Paste the following Audit Script.
(No modifications needed.)#!/bin/bash
#Searching for application via the appPath listed below
installer="SentinelOne Installer"
appPath="/Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/SentinelAgent.app/"
if [[ -e $appPath ]]; then
echo "$appPath was found. Exiting…"
exit 0
else
echo "$appPath was not found, running $installer"
exit 1
fiUnder Install Details, choose ZIP File.
- Compress the SentinelOneInstaller.pkg, you downloaded from S1 into a zip file and upload it to Kandji.
For the Unzip Location, input: /var/tmp
Paste the following Pre-Install Script.
(Update TokenHere with Enterprise Token, place the enterprise token within single quotes).#!/bin/sh
## Ensure you update the TokenHere below with the Token provided by SentinelOne.
echo 'TOKEN_HERE' > /var/tmp/"com.sentinelone.registration-token"Upload the SentinelOne ZIP file.
Paste the following Post-Install Script.
(Update SentinelOneInstaller.pkg with pkg name that was downloaded prior to compressing it in step 5.a, for example: SentinelOneInstallerVersionxx.xx_xxx.pkg).#!/bin/sh
## Ensure you update the .pkg name below to properly reflect the proper package name as it was downloaded from SentinelOne.
/usr/sbin/installer -pkg /var/tmp/SentinelOneInstaller.pkg -target /Click Save.
