Windows OS | Details |
---|---|
Windows Server Core | 2022, 2019, 2016, 2012 |
Windows Server | 2022, 2019, 2016, 2012 R2, 2012, 2008 R2 SP1
Note: Windows Server 2012 R2 on an AWS T3 instance requires a workaround for agent not showing in console:
|
Windows Storage Server | 2016, 2012 R2, 2012 |
Windows 7 SP1, 8, 8.1, 10, 11 | 32/64-bit
All Windows Agents, starting from version 21.5.2, fully support Windows 11. All versions of Agents that are supported according to the lifecycle are tested for compatibility with each Windows 10 release.
Some Deep Visibility functionality is not fully supported on Windows 10 Redstone 5 (October 2018 Update) with 2.5, 2.6, and 2.7 Agents. If you upgrade a Windows 10 endpoint to RS5, TCP connection events are reported for Windows Agents of version 2.8+.
Important: For Agents installed on Windows 8.1 and Windows Server 2012 R2: To update the OS with Microsoft Updates, click this link. These updates are required for the endpoints to connect to the Management. If you do not download these updates, the endpoints will be rejected by the Management due to weak SSL. Download the updates in this order:
Microsoft ended support for Windows 7 in January 2020. SentinelOne continues to support Agents on Windows 7 for up to three years after the Microsoft End Of Life declaration. Windows 10 offers a much better security architecture than Windows 7, and the Agent on Windows 10 supports these enhanced security features. Therefore, we strongly advise that you migrate your endpoints to Windows 10. |
Editions | Supported editions: Home, Pro, Pro for Workstations, Enterprise, Education, Pro Education, Enterprise LTSC, Embedded (UI issue fixed in Agent version 3.4.1.7), Windows 10 IoT Enterprise
Not supported: Mobile, Windows 10 IoT Core |
Minimum | Recommended |
---|---|
1 GHz CPU or better
Single-core (can install but there are performance issues) |
Dual-core |
1 GB RAM | 2 GB RAM or more |
2 GB free disk space on the Windows partition
10% of disk for VSS snapshots |
3 GB recommended
10% of disk for VSS snapshots |
Requirement | Details |
---|---|
Windows Defender | On Windows Servers, Microsoft Defender Antivirus does not enter passive or disabled mode if you have SentinelOne installed. We recommend that you uninstall Microsoft Defender Antivirus on Windows Servers to prevent interoperability issues.
The behavior when an Agent is installed on an endpoint with Windows Defender installed differs depending on the Windows OS version. |
.NET Framework 4 and later on Windows 7 and Server 2008 R2 for the old EXE installer (earlier than Agent version 22.1). | Not needed for the MSI installer or the new EXE installer (Agent version 22.1+). |
On Windows 10 version 1607 and Windows Server 2016, install Microsoft KB4093119 to make sure old logs in ProgramData\Sentinel\logs are deleted. | An endpoint should have only 16 log files, taking up no more than 1.6 GB. |
On Windows 8.1 and Windows Server 2012 R2, install update 2919355 to enable new TLS cipher suites. | |
On Windows 7, Windows 7 Service Pack 1 (SP1), Windows Server 2012, and Windows Server 2008 R2 SP1, install the Update to enable TLS 1.2 as default secure protocols in WinHTTP and add the Registry subkey, as shown in the article. | Management-Agent communication uses TLS 1.2. This is not supported by default in Windows 7. You must install this update and add the registry subkey, as shown in the article. |
KB3033929 (SHA2) – Security Update for Windows 7 SP1 and Windows Server 2008 R2. | This security update must be installed on Windows 7 SP1 and Windows Server 2008 R2 SP1 to meet minimum requirements for the installer. |
KB2758857 for Windows 7 and Windows Server 2008 R2 or KB4457144 – Security updates for Windows 7 SP1 and Windows Server 2008 R2 | After you install the security updates, you must restart the endpoint and run the Agent installation again. |
Microsoft Windows Volume Shadow Copy Service (VSS) | Configure VSS before you install the Agent. |
GPO Chrome Extensions | The SentinelOne Chrome extension is part of the Agent installation. When you install or upgrade the Windows Agent with GPO, Chrome extensions must be enabled. |
GPO Privileges | The administrator who runs Agent installation through group policy must have RESTORE and TAKE OWNERSHIP privileges to prevent an installer crash. |
DigiCert | If the endpoint does not get Windows updates, you must manually install DigiCert for the Agent to communicate with the Management. |
Windows Root Certificates | Update Windows Root Certificates. If you do not, it could lead to invalid signature errors. |
Windows Services set to Automatic | Base Filtering Engine Service
Windows Update Service |
Required Windows Administrator Permissions
The Windows Agent installer works on supported Windows endpoints with default settings. If your environment is hardened with specific changes, the installer might fail or crash. Make sure your environment fulfills these requirements for a successful installation.
- The Windows Agent installation requires Administrator permissions, with write permissions to C:\Users\Public\Documents and the C:\ root. Install only as an Administrator, whether local, remote, GPO, or other.
- The Agent Anti-Tampering process restores and takes ownership of files during installation. The user running the installation must have Restore and Take Ownership privileges (default for Windows Administrator).
- The Agent Installer adds a trusted publisher to the machine certificate store that signs the PowerShell profile script of its PowerShell Protection. The local Administrator user must have privileges to install trusted publisher certificates.
- The Agent Installer creates a backup of the ELAM driver in the ELAM backup directory, ELAMBKUP, configured in the system registry. This directory must exist.
- The Agent installs drivers to the Program Files directory. The Program Files directory must be on the system boot volume.
- The Windows System user is required. Do not delete it!
- The Windows Management Instrumentation (WMI) Service (winmgmt) is required.
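
A preflight check for the permission requirements in the list above, written as an added example (it is not SentinelOne code and is not part of the original page). The function name `Test-AgentPrereq` is hypothetical; `BFE` and `wuauserv` are the Windows service names for Base Filtering Engine and Windows Update, and the `BackupPath` value under the `EarlyLaunch` registry key is where Windows records the ELAM backup directory, a detail taken from Microsoft's ELAM documentation rather than from this page.

```powershell
# Added example: preflight for the installer requirements listed above.
# Run in an elevated Windows PowerShell 3.0+ session on the target endpoint.
function Test-AgentPrereq {
    $r = [ordered]@{}
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $r['Running as Administrator'] = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # Restore and Take Ownership must be present in the token (enabled or not).
    $priv = (whoami /priv) -join "`n"
    foreach ($p in 'SeRestorePrivilege', 'SeTakeOwnershipPrivilege') {
        $r["Privilege $p"] = $priv -match $p
    }

    # Write access, probed by creating and deleting a uniquely named temp file.
    foreach ($dir in 'C:\Users\Public\Documents', 'C:\') {
        $probe = Join-Path $dir ('preflight-{0}.tmp' -f [guid]::NewGuid())
        try { [IO.File]::WriteAllText($probe, ''); Remove-Item $probe -Force; $ok = $true }
        catch { $ok = $false }
        $r["Write access to $dir"] = $ok
    }

    # WMI must be present; BFE and Windows Update must be set to Automatic.
    $wmi = Get-Service -Name winmgmt -ErrorAction SilentlyContinue
    $r['WMI service (winmgmt) running'] = ($null -ne $wmi) -and ($wmi.Status -eq 'Running')
    foreach ($name in 'BFE', 'wuauserv') {
        $svc = Get-CimInstance Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
        $r["Service $name start mode is Auto"] = ($null -ne $svc) -and ($svc.StartMode -eq 'Auto')
    }

    # Drivers go to Program Files, which must be on the system boot volume.
    $r['Program Files on system drive'] = (Split-Path $env:ProgramFiles -Qualifier) -eq $env:SystemDrive

    # ELAM backup directory (Windows 8 and later): BackupPath under the EarlyLaunch key.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\EarlyLaunch'
    $elam = (Get-ItemProperty $key -ErrorAction SilentlyContinue).BackupPath
    $r['ELAM backup directory exists'] = [bool]$elam -and (Test-Path -LiteralPath $elam)

    # One row per check so the result can be filtered or exported.
    $r.GetEnumerator() | ForEach-Object {
        [pscustomobject]@{ Check = $_.Key; Passed = [bool]$_.Value }
    }
}

Test-AgentPrereq | Format-Table -AutoSize
```

The ELAM row reports a failure on Windows 7 and Windows Server 2008 R2, which predate ELAM; treat it as not applicable on those systems.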