Setup SentinelOne on Windows

If you want to deploy the EDR on a large scale, we recommend starting with a manual test installation on a few endpoints.

Executable and customer ID

Download the executable from this link (Windows 8.1 and more).
Find your customer ID on the Endpoint page > Settings.

The executable is only valid for Windows versions equal to or higher than Windows 8.1 64-bit, namely:

Windows 8.1/10/11/11 23H2/11 24H2 64-bit
Windows Server IoT 2019/2022/2025
Windows Server/Server Core 2012 R2/2016/2019/2022/2025

For the versions listed below, the executable is: here (will soon be replaced by Legacy Plus)

Windows 8.1/10 32-bit
Windows 7 SP1/8 32/64-bit
POSReady 7
Windows Server/Storage Server/Server Core 2012 (not R2) 32/64-bit
Windows Server 2008 R2 SP1 32/64-bit

Finally, for the versions listed below, the executable is: here

Windows XP SP3 / Vista SP2 32/64-bit
Windows XP SP2 64-bit (AMD64/EM64T)
Windows Embedded POSReady 2009
Server 2003 SP2 / 2003 R2 SP2 / 2008 SP2 (not R2) 32/64-bit

Manual method

Launch the executable on the target machine
Enter the customer ID in the Site Token or Group Token field
Click Install

SentinelOne replaces your current antivirus software. Therefore, it is necessary to completely uninstall it.

Exception: If the firewall is managed separately, do not disable it. If the firewall is integrated into the same solution, remember to copy the custom rules to the Windows Firewall.

Automatic method

You can automate the installation of the SentinelOne EDR on your workstations and servers via:

MDM (SCCM, Intune)
GPO (Group Policy Object)

Command to execute:

<file_name>.exe -t customer_ID -q
Replace customer_ID with your customer ID.

Automatic method via GPO

Follow these steps to perform a deployment via GPO:

Download the executable from this link (Windows 8.1 and more).
Place this file in a network share accessible to all computers on the domain. Example path: \\Server\Share<SentinelOne file>.exe. Ensure that the share has Read permissions for the relevant computer groups.
Create a PowerShell deployment script, or batch file, that executes the installation command. Example: a batch script (InstallSentinelOne.bat) containing the following code:

@echo off
# Check if the script is running as administrator
$adminCheck = [Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent() if (-not $adminCheck.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
# Rerun the script with elevated privileges
Start-Process powershell -ArgumentList "-NoProfile -ExecutionPolicy Bypass -File "$PSCommandPath"" -Verb RunAs exit }
# Set the variables
$installerPath = "Installation path" $siteToken = "customer_ID" $arguments = "-t $siteToken -q"
## Run the installation silently
Start-Process -FilePath $installerPath -ArgumentList $arguments -Wait -NoNewWindow

Replace Installation Path with the actual path, for example: \\Server\Share<SentinelOne file>.exe, and customer_ID with your customer ID.

Manually test the script on a machine to verify that it installs SentinelOne correctly, checking that this machine is present in Stoïk Protect.

Create a GPO
1. Open the Group Policy Management Console (GPMC): Windows + R > gpmc.msc and press Enter
2. Right-click on the container where you want to apply the GPO (for example: the domain or a specific OU)
3. Click on Create a Group Policy Object in this domain and link it here, and give it a name (for example: SentinelOne Deployment)
4. Add the startup script:
  1. Right-click the new GPO and select Edit
  2. Go to Computer Configuration > Policies > Windows Settings > Scripts
  3. Double-click Start, and then Add
  4. In the window that opens, click Browse, and then select InstallSentinelOne.bat
  5. Copy this script to the folder \\<server_name>\SysVol<domain_name>\Policies<GPO_GUID>\Machine\Scripts\Startup so that it is accessible to everyone.
Apply the GPO

Ensure that the GPO is linked to the correct container (domain or OU containing the target machines).
Use gpupdate /force on a domain controller to force the policy update.
Check the application:
- Restart a target machine to trigger the script.
- Verify that SentinelOne is installed and running on this machine.
- If you encounter any problems: check the startup script log file on the client machines: C:\Windows\Debug\StartupLog.txt

Opening network traffic

In case of network blocking, the following flows must be opened on the firewall at Port 443:

Domains:

euce1-100
euce1-102
euce1-103
euce1-104
euce1-105
euce1-106
euce1-108
euce1-109
euce1-120-mssp
euce1-ir
euwe3-801

IP Addresses:

52.28.96.109
18.195.251.162
3.124.247.29
18.157.202.57
52.29.133.222
18.185.1.205
18.197.98.151
3.126.198.254
3.126.86.58
3.125.144.61
3.126.137.49
3.123.155.200
18.158.53.176
3.65.44.11
3.66.206.10
3.124.180.157
3.68.134.166
3.126.19.109
3.73.61.193
3.65.215.106
3.125.103.71
52.28.140.160
3.79.163.229
3.79.197.235
52.28.194.120
3.79.144.24
3.64.20.194
18.158.224.145
52.29.182.176
3.73.69.228
52.28.5.228
34.36.224.38

PreviousEDR setup: SentinelOne NextSetup SentinelOne on MacOS

Last updated 7 days ago

Was this helpful?