Install SentinelOne Agent

What the SentinelOne agent installer does

This Automox Worklet™ detects whether the SentinelOne agent is installed on your macOS endpoint by checking for the sentinelctl binary at /usr/local/bin/sentinelctl. If the agent is not found, the Worklet automatically installs and registers it using your site token.

The Worklet requires two configuration parameters: the SentinelOne installer package filename (such as SentinelAgent_macos_v21_5_3_5411.pkg) and your unique site token from the SentinelOne Packages section. These parameters make the installed agent automatically registers with your SentinelOne management console.

Why deploy SentinelOne through Automox

Endpoints without EDR protection create blind spots in your security posture where threats go undetected. When macOS endpoints lack SentinelOne agents, you cannot detect behavioral anomalies, autonomous threat response fails to trigger, and attackers exploit these unmonitored systems to establish footholds. Manual deployment leaves coverage gaps during the installation window, and human error results in missed endpoints that remain vulnerable indefinitely.

Automating SentinelOne deployment through this Worklet eliminates manual touchpoints and maintains uniform agent coverage. Every endpoint you target automatically receives the agent with correct registration, enabling real-time threat hunting and autonomous response across your entire macOS infrastructure.

How SentinelOne agent installation works

1. Evaluation phase: The Worklet executes sentinelctl status to check if SentinelOne is already running. If the command succeeds, the agent is installed and the Worklet completes with exit status 0. If the command fails, the agent is not installed and remediation is needed.

2. Remediation phase: The Worklet writes your site token to a temporary file, copies the installer package to /tmp, executes the macOS installer command to install the package to /Library/, and verifies success by running sentinelctl status again. Temporary files are cleaned up after installation completes.

SentinelOne installation requirements

• macOS endpoint (workstation or server)

• Administrator or root-level execution permissions

• SentinelOne installer package file (.pkg) available on the endpoint

• Valid site token from your SentinelOne Packages section for agent registration

• Network connectivity to reach the SentinelOne management console after installation

Expected state after SentinelOne installation

After the Worklet completes successfully, the SentinelOne agent runs on your macOS endpoint with sentinelctl available at /usr/local/bin/sentinelctl. The agent automatically registers with your SentinelOne management console using the site token you provided.

Verification: Run sentinelctl status on the endpoint, which returns agent status and version information. Verify the endpoint appears in your SentinelOne Singularity console under the appropriate site group. Check that the agent state shows as "Protected" and threat detection is active. Test behavioral detection by downloading the EICAR test file to confirm the agent blocks known test malware patterns.