SentinelOne Anti Virus?

dstranathan
Valued Contributor II

Does anyone have any first-hand knowledge or opinions on SentinelOne? I have never heard of them until today when a local security consultant recommended them for Windows & Mac. Curious if anyone has experience installing/managing this product.

SentinelOne was recently awarded "Best Mac AV" by AV-Test.org.

https://www.sentinelone.com/blog/sentinelone-best-av-macos/

https://www.av-test.org/en/news/news-single-view/put-to-the-test-antivirus-solutions-for-macos-sierra/

12 REPLIES

jsellers
New Contributor

Our school district has been using SentinelOne for about 7 months now and it is really easy to push out the package with Jamf Pro. So far we are liking it a lot. It does not slow down the computers at all.

ThijsX
Valued Contributor

@dstranathan Currently we are implementing Carbon Black Defense, till now we are positive about the product / managing / deploying.
https://www.carbonblack.com/products/cb-defense/

leojason
New Contributor

We are rolling out SentinelOne as well. Looks pretty good. The recent OSX update required the additional KEXT setting.

reccos02star
New Contributor II

Does anyone know how to make a smart group to identify if SentinelOne is installed? I'm pushing it out, but it's failing on computers that it's already been installed to (which it should), but I want to exclude those computers so it doesn't try to reinstall it.

rihardsp
New Contributor III

Criteria - application title, operator - does not have, value - applicationName.app

Chuey
Contributor III

I HIGHLY recommend SentinelOne.

I dropped over 70 pieces of Malware/Adware/Viruses at it ALL AT ONCE and it stopped every piece of bad software. Awesome agent for Macs.

reccos02star
New Contributor II

@rihardsp, I tried that and it doesn't work. It can't find the SentinelOne.app, so it returns nothing.

edullum
Contributor

Our school district is also using S1. Has anyone figured out how to have the S1 client automatically be "approved" with distribution rather than having a box pop up for the end user asking them to accept it? We are running High Sierra.

Chuey
Contributor III

@edullum Yes, you can whitelist it so it's an approved kernel extension. You use its bundleID to whitelist I think.

I would talk to your S1 Engineer and I'm sure s/he can get you that info to whitelist -- I know mine told me about whitelisting and offered me the necessary information to get it done.

emily
Valued Contributor III

@reccos02star this is kind of old, so test accordingly, but at a previous employer we used SentinelOne and I used this EA to report if the agent is installed, and if so, what version:
https://github.com/smashism/jamfpro-extension-attributes/blob/master/version_sentinelone.sh

edullum
Contributor

@Chuey thanks for your help! I was able to obtain the information in the offline setup guide within the SentinelOne admin console. There is a chapter in that guide on how to install S1 on High Sierra with the parameter to approve the application on behalf of the end user. Within the Installing on macOS High Sierra it will give you the parameters to enter into the "Execute Command Line" in the policy.

tjhall
Contributor III

It's a pain to un-install if the client lost communication with the server but works very well generally.
As above, scope it via ".app installed policy" using the downloaded package from the console.
If installed using a build make sure it's set to "after reboot".