# Setup SentinelOne on Windows

If you want to deploy the EDR on a large scale, we recommend starting with a manual test installation on a few endpoints.

{% stepper %}
{% step %}

### Download the installer

Download the executable from [this link](https://drive.google.com/drive/folders/15jct4xtEFHQ5sC26i8hloOkVnZT3P-mt) (Windows 8.1 and above).

<details>

<summary>Supported Windows versions</summary>

**Standard installer** (Windows 8.1 and above):

* Windows 8.1 / 10 / 11 / 11 23H2 / 11 24H2 64-bit
* Windows Server IoT 2019 / 2022 / 2025
* Windows Server / Server Core 2012 R2 / 2016 / 2019 / 2022 / 2025

**Legacy installer** (will soon be replaced by Legacy Plus): [download here](https://drive.google.com/drive/folders/1LktnGsHIgVOxicb5QJI7WSUljqPu8Cah)

* Windows 8.1 / 10 32-bit
* Windows 7 SP1 / 8 32/64-bit
* POSReady 7
* Windows Server / Storage Server / Server Core 2012 (not R2) 32/64-bit
* Windows Server 2008 R2 SP1 32/64-bit

**Legacy Plus installer**: [download here](https://drive.google.com/drive/folders/1LktnGsHIgVOxicb5QJI7WSUljqPu8Cah)

* Windows XP SP3 / Vista SP2 32/64-bit
* Windows XP SP2 64-bit (AMD64/EM64T)
* Windows Embedded POSReady 2009
* Server 2003 SP2 / 2003 R2 SP2 / 2008 SP2 (not R2) 32/64-bit

</details>
{% endstep %}

{% step %}

### Find your customer ID

Go to `MDR` > `Settings` and copy your customer ID.

{% endstep %}

{% step %}

### Install SentinelOne

{% hint style="info" %}
SentinelOne replaces your current antivirus. Uninstall it completely before proceeding.

If the firewall is managed separately, keep it running. If it is part of the same solution, copy any custom rules to Windows Firewall first.
{% endhint %}

{% tabs %}
{% tab title="Manual" %}

1. Launch the executable on the target machine.
2. Enter your customer ID in the `Site Token` or `Group Token` field.
3. Click `Install`.
{% endtab %}

{% tab title="MDM" %}
Run the following command:

```
<file_name>.exe -t <customer_ID> -q
```

Replace `<customer_ID>` with your customer ID.
{% endtab %}

{% tab title="GPO" %}

1. Place the executable in a network share accessible to all domain computers. Example: `\\Server\Share\<SentinelOne file>.exe`. Ensure the share has **Read** permissions for the relevant computer groups.
2. Create a deployment script named `InstallSentinelOne.bat`:

```powershell
# PowerShell syntax: this script must be executed by powershell.exe, not cmd.exe.
# Check if the script is running as administrator
$adminCheck = [Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $adminCheck.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    # Rerun the script with elevated privileges
    Start-Process powershell -ArgumentList "-NoProfile -ExecutionPolicy Bypass -File `"$PSCommandPath`"" -Verb RunAs
    exit
}

# Set the variables
$installerPath = "Installation path"
$siteToken = "customer_ID"
$arguments = "-t $siteToken -q"

# Run the installation silently and wait for it to finish
Start-Process -FilePath $installerPath -ArgumentList $arguments -Wait -NoNewWindow
```

Replace `Installation path` with the share path and `customer_ID` with your customer ID. Test the script manually on one machine before deploying.

3. Create a GPO:
   1. Open the Group Policy Management Console: `Windows + R` > `gpmc.msc` > `Enter`.
   2. Right-click the target container (domain or OU) and click `Create a Group Policy Object in this domain and link it here`. Name it (e.g. `SentinelOne Deployment`).
   3. Right-click the new GPO and select `Edit`.
   4. Go to `Computer Configuration` > `Policies` > `Windows Settings` > `Scripts`.
   5. Double-click `Startup`, click `Add`, then `Browse` and select `InstallSentinelOne.bat`.
   6. Copy the script to `\\<server_name>\SysVol\<domain_name>\Policies\<GPO_GUID>\Machine\Scripts\Startup`.
4. Apply the GPO:
   * Run `gpupdate /force` on a domain controller.
   * Restart a target machine to trigger the script.
   * Verify that SentinelOne is installed and running on that machine.
   * If you encounter any issues, check `C:\Windows\Debug\StartupLog.txt`.
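
A more defensive version of the startup script above, as an added example that is not from the original page or from SentinelOne: it skips machines where the agent is already present, verifies the installer's Authenticode signature on a local copy before running it, and logs the outcome. The service name `SentinelAgent`, the `<expected signer name>` placeholder, the local file name and the log path are assumptions.

```powershell
# Added example, not vendor code. Assumed names: the service name, the
# publisher placeholder, the local file name and the log path are not from the page.
$InstallerPath     = '\\Server\Share\<SentinelOne file>.exe'  # share path from step 1
$SiteToken         = 'customer_ID'                             # your customer ID
$AgentServiceName  = 'SentinelAgent'                           # assumption: agent service name
$ExpectedPublisher = '<expected signer name>'                  # placeholder: copy from a trusted installer
$LogFile           = Join-Path $env:ProgramData 'S1Deploy\install.log'  # hypothetical

function Write-Log([string]$Message) {
    New-Item -ItemType Directory -Path (Split-Path $LogFile) -Force | Out-Null
    Add-Content -Path $LogFile -Value ('{0:o} {1}' -f (Get-Date), $Message)
}

# 1. Startup scripts run at every boot: skip machines that already have the agent.
if (Get-Service -Name $AgentServiceName -ErrorAction SilentlyContinue) {
    Write-Log "Service '$AgentServiceName' already present, nothing to do."
    exit 0
}

# 2. Copy first, then verify and execute the same local file, so the share copy
#    cannot change between the check and the launch.
$local = Join-Path $env:TEMP 'S1Installer.exe'
try {
    Copy-Item -LiteralPath $InstallerPath -Destination $local -Force -ErrorAction Stop
} catch {
    Write-Log "Cannot read installer from share: $($_.Exception.Message)"
    exit 1
}

# 3. Fail closed unless the Authenticode signature is valid and from the expected signer.
$sig = Get-AuthenticodeSignature -FilePath $local
$subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
if ($sig.Status -ne 'Valid' -or $subject -notlike "*$ExpectedPublisher*") {
    Write-Log "Signature check failed: status=$($sig.Status) subject=$subject"
    Remove-Item -LiteralPath $local -Force
    exit 1
}

# 4. Silent install with the same arguments as the page's script, keeping the exit code.
$proc = Start-Process -FilePath $local -ArgumentList '-t', $SiteToken, '-q' -Wait -PassThru -NoNewWindow
$installed = [bool](Get-Service -Name $AgentServiceName -ErrorAction SilentlyContinue)
Write-Log "Installer exit code $($proc.ExitCode); service present: $installed"
Remove-Item -LiteralPath $local -Force
if (-not $installed) { exit 1 }
```

Until `$ExpectedPublisher` is replaced with the signer name read from an installer you trust, the signature check rejects every file, so the script never installs anything by default.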
{% endtab %}
{% endtabs %}
{% endstep %}
{% endstepper %}

## Network traffic

If outbound traffic is blocked, open port **443** for the following addresses.


{% hint style="info" %}
No inbound ports are required. All communication is outbound to SentinelOne.
{% endhint %}

