Deploying SentinelOne as a Custom App

By Andrew Merrick

Learn how to deploy the SentinelOne S1 agent (v4.4+) to your macOS devices as a Custom App 

This version will use a System Extension instead of a KEXT approval. The combined profile is compatible with macOS 10.15+.

Setup Requirements in Kandji to Deploy S1:

  • SentinelOne Custom Profile - Download Here

  • Custom App Library Item

Add the SentinelOne Custom Profile:

  1. Click Library on the left-hand navigation bar.

  2. Click Add New in the upper right-hand corner.

  3. Click Custom Profile, then Add & Configure +.

Configure the Custom Profile

  1. Assign a name to the Custom Profile Library Item.

  2. Assign a Blueprint or multiple blueprints.

  3. Set "Device Families" to Mac.
  4. Upload the Sentinel-One-Combined-Profile.mobileconfig profile.

Add SentinelOne as a Custom App:

  1. Click Library on the left-hand navigation bar.

  2. Click Add New in the upper right-hand corner.

  3. Click Custom App from the Add New window.

Configure the Custom App:

  1. Give your custom app a Name.

  2. Assign your custom app to a test Blueprint.

  3. Select Audit and Enforce as the execution frequency.

  4. Paste the following Audit Script.
    (No modifications needed.)

    #!/bin/bash

    #Searching for application via the appPath listed below
    installer="SentinelOne Installer"
    appPath="/Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/SentinelAgent.app/"

    if [[ -e $appPath ]]; then
    echo "$appPath was found. Exiting…"
    exit 0
    else
    echo "$appPath was not found, running $installer"
    exit 1
    fi

  5. Under Install Details, choose ZIP File.

    1. Compress the SentinelOneInstaller.pkg, you downloaded from S1 into a zip file and upload it to Kandji.
  6. For the Unzip Location, input: /var/tmp

  7. Paste the following Pre-Install Script.
    (Update TokenHere with Enterprise Token, place the enterprise token within single quotes).

    #!/bin/sh

    ## Ensure you update the TokenHere below with the Token provided by SentinelOne.

    echo 'TOKEN_HERE' > /var/tmp/"com.sentinelone.registration-token"
  8. Upload the SentinelOne ZIP file.

  9. Paste the following Post-Install Script.
    (Update SentinelOneInstaller.pkg with pkg name that was downloaded prior to compressing it in step 5.a, for example: SentinelOneInstallerVersionxx.xx_xxx.pkg).

    #!/bin/sh

    ## Ensure you update the .pkg name below to properly reflect the proper package name as it was downloaded from SentinelOne.

    /usr/sbin/installer -pkg /var/tmp/SentinelOneInstaller.pkg -target /

  10. Click Save.