INSTALLING WINDOWS AGENT 22.

1+ WITH THE NEW INSTALLATION PACKAGE

To make the Agent deployment process more robust, we introduced a new installation package.

We still support the MSI installation package, but we recommend you use the new installer for a
better installation experience and success rates. The new installation package is an MSI installer run
by a SentinelOneInstaller.exe executable.

Use this new file to install Windows Agent 22.1 and later.

To upgrade a Windows Agent to version 22.1 and later with the new installation package, see
Updating the Windows Agent 22.1+ with the New Installation Package[updating-the-windows-agent-22-
1--with-the-new-installation-package.html].

To install the Windows Agent in a cloud environment, see Installing the Windows Agent with the AWS
Systems Manager[installing-the-windows-agent-with-the-aws-systems-manager.html].

The new installation package is GA in Windows Agent version 22.1 GA.

 Important

There are some changes in the installer arguments format between

SentinelInstaller.exe (the old package) and SentinelOneInstaller.exe (the new
package). Review your deployment scripts to identify if any change is required.

For Windows Agent 22.1 and above, SentinelInstaller.exe (the old package) will
be replaced by SentinelOneInstaller.exe (the new package).

Prerequisites:

Make sure you have all requirements[agent-requirements-on-windows.html] before you start the
installation.

The installation requires a user role with Administrator permissions.

 Download the Installation Package[installing-windows-agent-22-1--with-the-new-installation-
package.html#UUID-1d30b56d-0ff8-1f26-023f-8219fddab745_sidebar-

idm4597147381673633212904357094].

Get the Site or Group Token[installing-windows-agent-22-1--with-the-new-installation-

package.html#UUID-1d30b56d-0ff8-1f26-023f-8219fddab745_sidebar-

idm4597147078825633212897259782].

The installer runs a series of tests on the endpoint to see if the installation will succeed. For details,
see Tests Run by the Installer on Endpoints Before Installing the Agent[installing-windows-agent-22-1--
with-the-new-installation-package.html#UUID-1d30b56d-0ff8-1f26-023f-8219fddab745_sidebar-

idm4665755208244833336933697585].

 Download the Installation Package

[#UUID-1d30b56d-0ff8-1f26-023f-8219fddab745_sidebar-idm4597147381673633212904357094_body]

 Get the Site or Group Token

[#UUID-1d30b56d-0ff8-1f26-023f-8219fddab745_sidebar-idm4597147078825633212897259782_body]

 Install the Agent By Double-Clicking the File: Versions 22.2+

[#UUID-1d30b56d-0ff8-1f26-023f-8219fddab745_sidebar-idm4581075129518433069507791479_body]

Objective: Install SentinelOne Windows Agent on a local endpoint by double-clicking the

installation file.

 Note

This option is available only for Agent versions 22.2+.

1 Go to the folder where you downloaded the new installation package.

2 Double-click the installation file.

3 Follow the instructions of the wizard.

4 Enter the Site or Group Token and click Install.
 5 Wait for the process to complete.

 Install the Agent From the Local Command Line or a Deployment Tool: Versions 22.2+
[#UUID-1d30b56d-0ff8-1f26-023f-8219fddab745_sidebar-idm483307779282074_body]

Objective: Install SentinelOne Windows Agent on a local endpoint from the local
Command Line (CMD) or with a deployment tool such as GPO, SCCM, or Tanium.

 Note

This option is available only for Agent versions 22.2+.

1 Log in to one of these:

A deployment tool with an administrator account.

 Note

For instructions on how to upgrade a Windows Agent with

SCCM using a PowerShell script, see Upgrading Agents
with SCCM Using a PowerShell Script[upgrading-agents-with-
sccm-using-a-powershell-script.html].
 The command prompt on a local endpoint. In Windows Start or Search,
enter CMD > right-click Command Prompt, and select Run as administrator.

PowerShell

2 Go to the folder where you downloaded the new installation package.

Example:

cd C:\Users\adminWin\Downloads 

3 Install the Agent:

From CMD run:

SentinelOneInstaller.exe [-a installer_arguments] -t site_Token or 

group_Token

Example:

SentinelOneInstaller_windows_64bit_v22_2_1_200.exe -t 
a1b2c3d4e5f6g7h8i9a1b2c3d4e5f6g7h8i9

From PowerShell run:

./SentinelOneInstaller.exe [-a installer_arguments] -t site_Token or 

group_Token

Example:

./SentinelOneInstaller_windows_64bit_v22_2_1_200.exe -t 
a1b2c3d4e5f6g7h8i9a1b2c3d4e5f6g7h8i9

Where:

SentinelOneInstaller.exe is the full package name.

-a installer_arguments : Installer arguments are optional. For a list of installer

arguments, see Installer Arguments[installing-windows-agent-22-1--with-the-new-
installation-package.html#UUID-1d30b56d-0ff8-1f26-023f-8219fddab745_sidebar-

idm483293799503508].
If there is a web proxy between the endpoints and the Console, you must use
the installer arguments to configure the proxy for the Agent in the installation
command. To configure a proxy after the Agent is installed, you must use
sentinelctl[configuring-a-proxy-server-for-windows-agents.html].
-t site_Token or group_Token is the site token or group token.

 Important

If you add the -q parameter you must use the -t

parameter and enter the token.

If you do not use -q parameter, the -t parameter is

optional in this step of the procedure. If you do not enter
the token now, you must add it into the UI later.

-q, --qn

Optional unless you use a deployment tool to install theAgent (then it is

mandatory).

Quiet mode. The installer does not show the status of the upgrade as it
progresses, and does not automatically show a return code when the upgrade
completes.

 Important

If you use the -q or --qn parameter, you must also use

the -t parameter and enter the token.

Example syntax:

SentinelOneInstaller.exe -t site_Token -q 

-b, --reboot_on_need

Optional.
 Automatically reboot the endpoint when required to continue with the
installation.
-c, --clean_only

Optional.

Add to clean the Agent (remove previous installation directories and the
current Agent) without installing a new version of the Agent.

To use -c (clean only), you must:

Use -t (site token), AND

Use either -k with the Agent or Account passphrase, or the Confirm

Local Upgrade action.

-f, --force

Optional.

Add if you do not want the installer to fail after the first installation because
the same or higher version of the Agent is already installed.

Regarding installing a lower version of the Agent (downgrading): If you do not

add -f , the installer will try to downgrade, but will not run the Cleaner, and
might fail, unless you add -f.

-k, --key

Optional.

Syntax: -k passphrase where passphrase is the Agent or Account passphrase,

needed to validate privileges.

The Agent or Account passphrase to validate privileges.

4 Follow the instructions of the wizard.

5 If you added -t site_Token or group_Token to the command, the token already
appears in the UI. Click Install.
 If you did not add -t site_Token or group_Token to the command, enter the Site or
Group Token and click Install.

6 Wait for the process to complete. Click Finish.

7 If more Agent capabilities will be enabled after you reboot the endpoint, a
notification appears.

You do NOT have to reboot the endpoint.

 Optional: Click Yes to automatically reboot the endpoint.

8 Get the return code.

The return code is in the C:\windows\temp directory, in SC-exit-code.txt or SC-

after-reboot-exit-code.txt . Open the most recently edited file.

Alternatively,

If you ran the tool from CMD, run:

echo %errorlevel% 

If you ran the tool from PowerShell, run:

$LastExitCode 

9 Find your return code in this table and follow the instructions in the Next Step
column.

10 Validate that a new version is installed.

1. From the endpoint, go to the SentinelOne Agent directory:

cd "c:\Program Files\SentinelOne\Sentinel Agent version" 

Example:

cd "c:\Program Files\SentinelOne\Sentinel Agent 22.2.3.402" 

2. Run this sentinelctl command:

sentinelctl status 
 3. Look at the Monitor Build id in the output to validate that a new version of the
Agent is installed and the Agent is loaded and running.

Example output:

Disable State: Not disabled by the user 

SentinelMonitor is loaded
Self-Protection status: On
Monitor Build id: 22.2.3.402+a1b2c3d4e5f6g7h8i9-Release.x64
SentinelAgent is loaded
SentinelAgent is running as PPL
Mitigation policy: quarantineThreat

 Install the Agent From the Local Command Line or a Deployment Tool: Version 22.1
[#UUID-1d30b56d-0ff8-1f26-023f-8219fddab745_sidebar-idm483301739122594_body]

 Installer Arguments
[#UUID-1d30b56d-0ff8-1f26-023f-8219fddab745_sidebar-idm483293799503508_body]

If you use any of the installer arguments in this table[installing-windows-agent-22-1--

with-the-new-installation-package.html#UUID-1d30b56d-0ff8-1f26-023f-

8219fddab745_informaltable-idm483294355728284], add the flag -a before the installer

argument and wrap the argument with quotation marks (" "). After the flag -a you
may add the equals character (=), but you do not have to.

Example:

SentinelOneInstaller_windows_64bit_v22_2_1_200.exe -t MY_TOKEN -a "VDI=true 

AGENT_LOGGING=true"

or

SentinelOneInstaller_windows_64bit_v22_2_1_200.exe -t MY_TOKEN -a="VDI=true 

AGENT_LOGGING=true"

If an argument should contain quotation marks (" "), for example

CUSTOMER_ID="Customer Identifier string", add three quotation marks.

Example:

SentinelOneInstaller_windows_64bit_v22_2_1_200.exe -a "CUSTOMER_ID="""123321"""" 
 Do not add /NORESTART . It will not affect the installation. By default, installing the
Agent does not reboot the endpoint.

Regarding SentinelOneInstaller and Quiet mode:

In Agent 22.1, Quiet mode is not supported. Do not add /QUIET because it will
not affect the installation. Version 22.1 does not support the parameters -q
or --qn .

In Agents 22.2+ Quiet mode is supported but it is NOT the default. To run the
installer in quiet mode add -q or --qn . Do not add /QUIET because it will not
affect the installation.
Optional Installer Arguments
Optional Arguments Description

SERVER_PROXY=mode Set a proxy server between the

Agent and its Management.

 Important

For Windows
Agents: If there
is a web proxy
between the
endpoints and
the Console, we
recommend you
configure the
proxy[configuring-
a-proxy-server-for-

windows-

agents.html] for

the Windows
Agent in the
installation
command. If
you did not
configure a
proxy, the Agent
is already
installed, and
there is no
connection
between the
Agent and the
Management,
see How to Fix
Never
Connected
Agents[how-to-
Optional Arguments Description

fix-never-

connected-
agents.html].

Agent in the
installation
command. If
you did not
configure a
proxy, the Agent
is already
installed, and
there is no
connection
between the
Agent and the
Management,
see How to Fix
Never
Connected
Agents[how-to-
fix-never-

connected-

agents.html].

Mode valid values:

auto = use the Windows LAN

settings (PAC file)
system = use Other proxy (not
from OS) configured in the
local Agent
user ,fallback[:port] = user
mode on Windows
http:// {IP | FQDN}:[ port]
Optional Arguments Description

AGENT_LOGGING={true | false} Disable Agent logging.

INSTALL_PATH_DATA="drive:\path" Customize the path for Agent

database, logs, and large data files.

Requirements

The path must be in English,

150 characters or less.
The path must be a fixed
drive (it cannot be a USB or
other removable media), and
it must be NTFS.
If the path is not on the
System drive, it must have at
least 4 GB free space.

(Supported from Agent versions

3.6)

SERVER_PROXY_CREDENTIALS=user:pass Set credentials to authenticate with

the Management proxy.
Optional Arguments Description

IOC_PROXY=mode Set a proxy server between

the Agent and the Deep Visibility™
EDR data server.

Mode valid values:

single = use the same proxy

for Management and
for Deep Visibility™

auto = use the Windows LAN

settings (PAC file)
system = use Other proxy (not
from OS) configured in the
local Agent
user ,fallback[:port] = user
mode on Windows
http:// {IP | FQDN}:[ port]

IOC_PROXY_CREDENTIALS=username:password Set the username and password to

authenticate with the Deep
Visibility™ proxy.

FORCE_PROXY={true | false} Prevent fallback to direct

communication if the proxy is not
available.

Important! If the Management

proxy or the Deep Visibility™ proxy
is configured with user mode, do
not use Force Proxy.

WSC={true | false} Set the Agent installation to disable

(true) or not disable (false)
Windows Defender.
 Optional Arguments Description

CUSTOMER_ID="Customer Identifier string" Add a user-defined Identifier string

to the endpoint.

Syntax:

SentinelOneInstaller.exe -a 
"CUSTOMER_ID="""Customer
Identifier string""""

VDI={true | false} Install on Virtual Desktop

Infrastructure or VMs with a Golden
(Master) Image.

Important: This property is NOT

recommended for all VM
installation types. See Installing
Windows Agents on VM or
VDI[installing-windows-agents-on-vm-
or-vdi.html] for when this property is

recommended.

 Return Codes
[#UUID-1d30b56d-0ff8-1f26-023f-8219fddab745_sidebar-idm1133399072367918_body]

Value Description Next Step

0 Complete success. Continue with the procedure. Validate that a new

Uninstall and re-install version of the Agent is installed.
were triggered, but the
installation completed
successfully.

12 Complete success. Continue with the procedure. Validate that a new

Uninstall and re-install version of the Agent is installed.
were not triggered.
Value Description Next Step

100 The uninstall of the Reboot the endpoint.

previous Agent
succeeded. Reboot the
endpoint to continue
with the installation of
the new Agent.

101 Reboot is required to Reboot the endpoint.

continue with the
installation.

103 Reboot is required to Reboot the endpoint.

uninstall the previous
Agent and install the
new Agent.

104 Reboot is already Reboot the endpoint.

required by a previous
run of the installer.

200 Cleaning (remove Reboot the endpoint.

previous installation
directories and the
current Agent) will be
done after reboot.

This return code can be

returned only when
using the clean_only ( -
c ) flag.

204 Internal use only. Nothing

205 Aborted by the user Nothing.

(from the endpoint).

206 Handled by command Nothing

line parser. Example:
You passed the wrong
argument.
Value Description Next Step

1000 Upgrade Canceled. Nothing. No upgrade is necessary.

Cannot continue with
the upgrade. An Agent
with the same or higher
version is already
installed on the
endpoint.

1001 Downgrade Canceled.

The version you are
trying to downgrade to
is too old.

1002 Upgrade Canceled. Wait for the previous running to finish.

Another installer is
already running.

1003 Upgrade Canceled. Finish the other MSI installer.

Another MSI installer is
already running.

1004 Upgrade Canceled. The Check the installer arguments.

arguments given to the
Installer (using -a or --
installer arguments) are
invalid.

2000 General failure. Contact Support.

2001 Upgrade failed. Cannot Contact Support.

proceed with the
uninstall and re-install.

2002 Installation failed or Contact Support.

upgrade failed. The
previous Agent was
uninstalled but the
installation of the new
Agent failed.
Value Description Next Step

2003 Failed to uninstall the Contact Support.

old Agent.

2004 Retry in Safe Mode. The
installation did not run.
If you ran the tool without a passphrase ( -k ) , rerun the
tool with the passphrase. If you get this error code
again, reboot the endpoint into Windows Safe
Mode[https://support.microsoft.com/en-
us/help/12376/windows-10-start-your-pc-in-safe-mode] and

try again.

2005 Upgrade Authentication Make sure the upgrade was approved and the endpoint
error. Failed to get has an internet connection to the Management.
upgrade approval from
the Management.

2006 Configuration not found. Contact Support.

Unable to proceed with
the upgrade.

2007 The upgrade failed. The Reboot the endpoint. If that does not help, contact
installer faced an Support.
unexpected error.
Cannot proceed with the
uninstall and re-install.

2008 Missing site token. Try again with the site token. From the command line,
add the parameter -t <site_token> .

2009 Failed to retrieve the Upgrade the Agent again with the parameter --
Agent UID. dont_preserve_agent_uid or contact Support.

2010 Interactive desktop Run the upgrade in Quiet mode. Upgrade the Agent
required. again with the parameter -q or --qn .

These parameters are available for Agent versions

22.2+.

2011 The installer is not Download a new installer and verify the certificates are
signed correctly. up to date. See How To Solve an Invalid Signature
Error[how-to-solve-an-invalid-signature-error.html].
 Value Description Next Step

2012 Could not determine the Upgrade the Agent again with the parameter --force or
currently installed Agent contact Support.
version.

2013 Insufficient system

resources.

2014 Extract resources Contact Support.

general failure.

2015 System requirements Read the requirement shown in the message.

not met.

2016 Microsoft KB2533623 is Windows 7 with KB2533623 or a newer OS is required.

not installed. Upgrade and restart your Windows and try again.

2017 Failed to load DLLs Contact Support.

safely.

2018 Downgrade failed. Contact Support.

2019 Upgrade Authentication Make sure the upgrade was approved and the endpoint
error. Failed to get has an internet connection to the Management.
upgrade approval from
the Management.

2020 Not enough space on Free space on the disk and try again.
the system drive.

2021 Upgrade Authentication Make sure the upgrade was approved and the endpoint
error. Failed to get has an internet connection to the Management.
upgrade approval from
the Management.

2022 Unable to create an App Contact Support.

Container.

 Tests Run by the Installer on Endpoints Before Installing the Agent

[#UUID-1d30b56d-0ff8-1f26-023f-8219fddab745_sidebar-idm4665755208244833336933697585_body]
 After you run the installation package, before the installation starts, the installer runs a
series of tests on the endpoint to see if the installation will succeed.

The endpoint has enough disk space and RAM (greater than 1 GB) to run the
installation.

The endpoint Admin has the required permissions.

Operating System is Windows 7 SP1 and above.

File system:

Agent data directory must be a fixed NTFS drive.

If the Agent data directory is the default drive, 2 GB on the system drive is
required. Otherwise, 4 GB on the data drive and 500 MB on the system drive
are required.

Program Files and Windows directory must reside on the same drive letter.
Changing the location of Program Files is not supported by Microsoft. See
Microsoft KB933700.

Microsoft KB2533623 (Insecure library loading could allow remote code execution)
must be installed. After installation of the update, you need to restart your computer
and begin the Agent installation process again.

SHA256 code signing support - Microsoft KB3033929 - Security Update for

Windows must be installed.

Existence and Integrity of cryptographic services and databases under Windows

CryptSvc.

Was this helpful?

Yes No

© 2023 SentinelOne Last modified: 16 November 2023