macOS - Installation with Jamf
Installing a Package with Jamf
Launch Jamf and log in.
Click Settings > Computer Management > Packages.
Click +New.
Upload the SentinelOne Agent PKG file to Jamf.
Set the Category to Packages.
Click Save.
Click Settings > Computer Management > Scripts.
Enter these lines, with your values for the Site or Group Token and SentinelAgent_macos_version.pkg:
```sh
# Write the Site or Group Token to the registration-token file in the Jamf Waiting Room
sudo echo "token" > /Library/Application\ Support/JAMF/Waiting\ Room/com.sentinelone.registration-token
# Install the cached Agent package to the boot volume
sudo /usr/sbin/installer -pkg /Library/Application\ Support/JAMF/Waiting\ Room/SentinelAgent_macos_version.pkg -target /
```
Example:
```sh
sudo echo "eyfdgfdgdfgfdgfdgcvbvcbfydfdsfdsfdsfdsfsdfhyJ9" > /Library/Application\ Support/JAMF/Waiting\ Room/com.sentinelone.registration-token
sudo /usr/sbin/installer -pkg /Library/Application\ Support/JAMF/Waiting\ Room/SentinelAgent_macos_v21_12_2_6003.pkg -target /
```
Click Save.
Click Computers > Policies.
Click Packages and change Action to Cache.
Click Scripts and change Priority to After.
Click Save.
The Agent installs the next time the selected endpoint connects with Jamf.
Creating a Privacy Control Configuration Profile
Use the Privacy Control Configuration profile to grant the Full Disk Access permissions.
To Upload a New Configuration Profile:
Click Computers > Configuration Profiles.
Click Upload.
Click Choose File.
Select the Privacy Control configuration profile mobileconfig file you downloaded, and click Upload.
Recommended: Open the profile in a text editor and replace Your Company with your company’s name.
Alternatively, copy this text, replace Your Company with your company’s name, save it as a mobileconfig file, and upload it:
SentinelOne - Privacy Control Agent version 21.7 and later.mobileconfig:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>PayloadDescription</key>
            <string></string>
            <key>PayloadDisplayName</key>
            <string>Privacy Preferences Policy Control</string>
            <key>PayloadIdentifier</key>
            <string>236FFBB3-159D-4A5F-B146-AAA7BBA11FF0</string>
            <key>PayloadOrganization</key>
            <string>Your Company</string>
            <key>PayloadType</key>
            <string>com.apple.TCC.configuration-profile-policy</string>
            <key>PayloadUUID</key>
            <string>236FFBB3-159D-4A5F-B146-AAA7BBA11FF0</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>Services</key>
            <dict>
                <key>SystemPolicyAllFiles</key>
                <array>
                    <dict>
                        <key>Allowed</key>
                        <integer>1</integer>
                        <key>CodeRequirement</key>
                        <string>anchor apple generic and identifier "com.sentinelone.sentineld" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")</string>
                        <key>Identifier</key>
                        <string>com.sentinelone.sentineld</string>
                        <key>IdentifierType</key>
                        <string>bundleID</string>
                        <key>StaticCode</key>
                        <integer>0</integer>
                    </dict>
                    <dict>
                        <key>Allowed</key>
                        <integer>1</integer>
                        <key>CodeRequirement</key>
                        <string>anchor apple generic and identifier "com.sentinelone.sentineld-helper" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")</string>
                        <key>Identifier</key>
                        <string>com.sentinelone.sentineld-helper</string>
                        <key>IdentifierType</key>
                        <string>bundleID</string>
                        <key>StaticCode</key>
                        <integer>0</integer>
                    </dict>
                    <dict>
                        <key>Allowed</key>
                        <integer>1</integer>
                        <key>CodeRequirement</key>
                        <string>anchor apple generic and identifier "com.sentinelone.sentineld-shell" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")</string>
                        <key>Identifier</key>
                        <string>com.sentinelone.sentineld-shell</string>
                        <key>IdentifierType</key>
                        <string>bundleID</string>
                        <key>StaticCode</key>
                        <integer>0</integer>
                    </dict>
                </array>
            </dict>
        </dict>
    </array>
    <key>PayloadDescription</key>
    <string>Provides access to all disk to SentinelOne processes</string>
    <key>PayloadDisplayName</key>
    <string>SentinelOne - Privacy Control</string>
    <key>PayloadIdentifier</key>
    <string>0F7D9FAD-1257-402C-A942-354723513881</string>
    <key>PayloadOrganization</key>
    <string>Sentinel Labs, Inc.</string>
    <key>PayloadRemovalDisallowed</key>
    <true/>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>5961E10D-A589-4A7E-9790-8F1C55511014</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>
```
Click Scope.
Select Targets and set the devices to receive the configuration profile.
Click Save.
Creating a Network Monitoring Extension Profile
Use the Network Monitoring Extension profile to pre-authorize the installation of the Network Extension.
The instructions here show the steps in Jamf. Use a similar procedure in other MDM tools.
To Upload a New Configuration Profile:
Download the Network Monitoring Extension mobileconfig file.
Click Computers > Configuration Profiles.
Click Upload.
Click Choose File.
Select the Network Monitoring Extension mobileconfig file you downloaded, and click Upload.
Alternatively, copy this text, save it as a mobileconfig file, then upload it:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>AllowUserOverrides</key>
            <true/>
            <key>AllowedSystemExtensions</key>
            <dict>
                <key>4AYE5J54KN</key>
                <array>
                    <string>com.sentinelone.network-monitoring</string>
                </array>
            </dict>
            <key>PayloadDescription</key>
            <string></string>
            <key>PayloadDisplayName</key>
            <string>System Extensions</string>
            <key>PayloadIdentifier</key>
            <string>1BDD5153-6C81-4E0F-B409-1C321FF5E251</string>
            <key>PayloadOrganization</key>
            <string> Consulting</string>
            <key>PayloadType</key>
            <string>com.apple.system-extension-policy</string>
            <key>PayloadUUID</key>
            <string>1BDD5153-6C81-4E0F-B409-1C321FF5E251</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
        </dict>
    </array>
    <key>PayloadDescription</key>
    <string>Enables automatic loading of SentinelOne System Extension.</string>
    <key>PayloadDisplayName</key>
    <string>SentinelOne - Network Monitoring Extension</string>
    <key>PayloadIdentifier</key>
    <string>C957C35F-004C-4CF4-B075-9CAE5739081B</string>
    <key>PayloadOrganization</key>
    <string>Sentinel Labs, Inc.</string>
    <key>PayloadRemovalDisallowed</key>
    <true/>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>67BEF468-52BF-4DC9-96E2-2CCF1FEA127E</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>
```
Creating a Network Filter Validation Profile
Use the Network Filter Validation profile to pre-authorize the usage of the SentinelOne Network Filter by the Network Monitoring Extension.
The instructions here show the steps in Jamf. Use a similar procedure in other MDM tools.
To Upload a New Configuration Profile:
Click Computers > Configuration Profiles.
Click Upload.
Click Choose File.
Select the Network Filter Validation mobileconfig file you downloaded, and click Upload.
Alternatively, copy this text, save it as a mobileconfig file, and upload it:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>FilterDataProviderBundleIdentifier</key>
            <string>com.sentinelone.network-monitoring</string>
            <key>FilterDataProviderDesignatedRequirement</key>
            <string>identifier "com.sentinelone.network-monitoring" and anchor apple generic and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "4AYE5J54KN")</string>
            <key>FilterGrade</key>
            <string>firewall</string>
            <key>FilterPackets</key>
            <false/>
            <key>FilterSockets</key>
            <true/>
            <key>FilterType</key>
            <string>Plugin</string>
            <key>PayloadDisplayName</key>
            <string>Web Content Filter Payload</string>
            <key>PayloadIdentifier</key>
            <string>14DDD990-E2D8-4DD1-8CC6-72FEFB5F252B</string>
            <key>PayloadOrganization</key>
            <string>JAMF Software</string>
            <key>PayloadType</key>
            <string>com.apple.webcontent-filter</string>
            <key>PayloadUUID</key>
            <string>14DDD990-E2D8-4DD1-8CC6-72FEFB5F252B</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>PluginBundleID</key>
            <string>com.sentinelone.extensions-wrapper</string>
            <key>UserDefinedName</key>
            <string>SentinelOne Extensions</string>
        </dict>
    </array>
    <key>PayloadDescription</key>
    <string>Authorizes SentinelOne Network Filter automatic validation.</string>
    <key>PayloadDisplayName</key>
    <string>SentinelOne - Network Filter Validation</string>
    <key>PayloadIdentifier</key>
    <string>7889BE15-9387-4CDD-B2D7-D57B65EDA1E5</string>
    <key>PayloadOrganization</key>
    <string>Sentinel Labs, Inc.</string>
    <key>PayloadRemovalDisallowed</key>
    <true/>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>2C480E0F-AA21-420F-8BC8-0E1AC975BC51</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>
```
Click Scope.
Select Targets and set the devices to receive the configuration profile.
Click Save.
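A pre-upload check for the Privacy Control, Network Monitoring Extension and Network Filter Validation profiles above, as an added example that is not SentinelOne or Jamf code: it parses a mobileconfig with Python's plistlib and reports code requirements that do not name the entry's bundle identifier or Team ID 4AYE5J54KN, and system extension allow-lists that include another team. The function names, finding strings and the sample profile (including the ABCDE12345 team and com.example.ext) are constructed for illustration.

```python
import plistlib
import re

TEAM_ID = "4AYE5J54KN"  # Team ID that the profiles on this page pin

def requirement_issues(req, bundle_id, team_id=TEAM_ID):
    """Textual lint of a code requirement string; returns what is missing."""
    issues = []
    if "anchor apple generic" not in req:
        issues.append("no Apple anchor")
    if not re.search(r'identifier\s+"%s"' % re.escape(bundle_id), req):
        issues.append("identifier mismatch")
    if not re.search(r'leaf\[subject\.OU\]\s*=\s*"%s"' % re.escape(team_id), req):
        issues.append("Team ID not pinned")
    return issues

def audit_profile(raw, team_id=TEAM_ID):
    """Parse a .mobileconfig (bytes) and return a list of findings."""
    profile, findings = plistlib.loads(raw), []
    if profile.get("PayloadRemovalDisallowed") is not True:
        findings.append("profile: removable by users")
    for p in profile.get("PayloadContent", []):
        kind = p.get("PayloadType")
        if kind == "com.apple.TCC.configuration-profile-policy":
            for service, entries in p.get("Services", {}).items():
                for e in entries:
                    bid = e.get("Identifier", "")
                    for i in requirement_issues(e.get("CodeRequirement", ""), bid, team_id):
                        findings.append("%s %s: %s" % (service, bid, i))
        elif kind == "com.apple.system-extension-policy":
            teams = p.get("AllowedSystemExtensions", {})
            findings += ["system extensions: unexpected team " + t for t in teams if t != team_id]
        elif kind == "com.apple.webcontent-filter":
            req = p.get("FilterDataProviderDesignatedRequirement", "")
            bid = p.get("FilterDataProviderBundleIdentifier", "")
            findings += ["content filter: " + i for i in requirement_issues(req, bid, team_id)]
    return findings

# Constructed sample (not from the page): a weakened TCC entry and an extra, made-up team.
SAMPLE = plistlib.dumps({
    "PayloadRemovalDisallowed": True, "PayloadScope": "System", "PayloadContent": [
        {"PayloadType": "com.apple.TCC.configuration-profile-policy", "Services": {"SystemPolicyAllFiles": [
            {"Allowed": 1, "Identifier": "com.sentinelone.sentineld-helper",
             "CodeRequirement": 'identifier "com.sentinelone.sentineld-helper"'}]}},
        {"PayloadType": "com.apple.system-extension-policy", "AllowedSystemExtensions": {
            "4AYE5J54KN": ["com.sentinelone.network-monitoring"], "ABCDE12345": ["com.example.ext"]}}]})

if __name__ == "__main__":
    print("\n".join(audit_profile(SAMPLE)))
```

This is a textual lint of the requirement strings in the profile, not an evaluation of any binary's signature.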
Creating a Notification Profile
Use the Notification profile to approve all notifications from the SentinelOne Agent.
To create a New Configuration Profile:
- Click Computers > Configuration Profiles.
- Click + New.
- In the sidebar on the left, click Notifications.
- Create a new Notifications profile:
  - App Name: SentinelOne
  - Bundle ID: com.sentinelOne.SentinelAgent
  - Critical Alerts: Enabled
  - Notifications:
    - Banner alert type
    - Notifications on Lock screen: Display
    - Notifications in Notification Center: Display
    - Badge app icon: Display
    - Play sound for notifications: Enable
- Click Save.
- Click Scope.
- Select Targets and set the devices to receive the configuration profile.
- Click Save.
Creating a Service Management Profile
Agents: macOS 22.2.3 Kextless + | Ventura 13.0+
Use the Service Management Profile to approve the SentinelOne Agent in the Login Items on macOS Ventura and above. This profile will prevent users from disabling the SentinelOne daemons.
To Upload a New Configuration Profile:
Download the Service Management mobileconfig file.
Click Computers > Configuration Profiles.
Click Upload.
Click Choose File.
Select the Service Management configuration profile you downloaded, and click Upload.
Alternatively, copy this text, save it as a mobileconfig file, and upload it:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>PayloadType</key>
            <string>com.apple.servicemanagement</string>
            <key>PayloadIdentifier</key>
            <string>com.apple.servicemanagement.E01FDD5D-6953-4F89-AE9C-98EC6AF31483</string>
            <key>PayloadUUID</key>
            <string>E01FDD5D-6953-4F89-AE9C-98EC6AF31483</string>
            <key>Rules</key>
            <array>
                <dict>
                    <key>RuleType</key>
                    <string>LabelPrefix</string>
                    <key>RuleValue</key>
                    <string>com.sentinelone.</string>
                    <key>Comment</key>
                    <string>Prevent removal of SentinelOne Launch Agents and Launch Daemons</string>
                </dict>
                <dict>
                    <key>RuleType</key>
                    <string>BundleIdentifierPrefix</string>
                    <key>RuleValue</key>
                    <string>com.sentinelone.</string>
                    <key>Comment</key>
                    <string>Prevent removal of SentinelOne Launch Agents and Launch Daemons</string>
                </dict>
            </array>
        </dict>
    </array>
    <key>PayloadDescription</key>
    <string>Manage components that run at start up</string>
    <key>PayloadDisplayName</key>
    <string>Service Management</string>
    <key>PayloadIdentifier</key>
    <string>2B752EEE-3A7D-4995-94C2-41532A4479E4</string>
    <key>PayloadOrganization</key>
    <string>SentinelOne</string>
    <key>PayloadRemovalDisallowed</key>
    <true/>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>8F211DB0-7065-4A0D-8738-7277C7CDD384</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>
```
Click Scope.
Select Targets and set the devices to receive the configuration profile.
Click Save.