Uninstalling SentinelOne's agent can be done the secure/easy way from the management console, or the more circuitous route, using the endpoint. In this article, we guide you through the process of removing the agent using both aforementioned techniques on Windows, macOS and Linux.

Please note - in order to uninstall the agent you will need to have access to the console, or service provider, from where it was installed to obtain the passphrase, otherwise, a complete rebuild of the endpoint is required.

Online Uninstall directly from the Management Console (All Platforms)

• Log into your SentinelOne management portal
• Go to the Sentinels tab
• Select the machine that you wish to uninstall the software from
• Go to actions and select “Uninstall”

‍

Uninstalling from the endpoint

Note: If you have Anti-Tampering turned on you will need the Passphrase to uninstall from the endpoint.

Accessing the Passphrase.

To acquire the passphrase, go through the following steps.

• Log into your management portal and find the machine that you wish to uninstall the agent from.
• Press on the tab "Actions" and select "Show Passphrase".

• Take a note of this passphrase as it will be needed proceeding to the following steps.

‍

‍

Uninstalling SentinelOne from Windows

• Go to "Add or Remove Programs”
• Search for SentinelOne
• Select Uninstall
• Now if you have Anti-Tamper switched off in the group policy, the uninstalling process is over, but if not, you need to go through a couple of more steps.
• After you press "Uninstall" you need to make a choice “Online” or “Offline” Verification

• if you choose "Online" verification, you need to log into the management portal and choose "Approve Uninstall". This process sends the approval signal from the management console to uninstall the agent.

• On the other hand, if you choose "Offline", you need to add the "Verification key"; in other words, the passphrase from the management portal.

‍

• To acquire the "Passphrase" please follow the steps shown above

‍

‍

Uninstalling SentinelOne from Windows Sentinelctl

• Open terminal as admin

Navigate to SentinelOne agent Directory

cd "C:\Program Files\SentinelOne\Sentinel Agent <version>"

Uninstall the agent using the passphrase

uninstall.exe /norestart /q /k="<passphrase>"

Example

‍

Uninstalling SentinelOne from Linux

Uninstalling using Sentinelctl

• Open terminal on the Linux machine as an admin or a privileged user.

sudo /opt/sentinelone/bin/sentinelctl control uninstall --passphrase "passphrase"

Uninstalling using Linux commands:  We recommend that you use these commands only if sentinelctl and reboot did not successfully remove the agent.

• Ubuntu

service sentineld stop
chkconfig --del sentineld
rm -f /etc/init.d/sentineld
umount /opt/sentinelone/mount
rm -rf /opt/sentinelone
sudo rm /usr/local/sentinelctl
userdel sentinelone
rm /var/lib/dpkg/info/sentinelagent.*
dpkg --purge --force-all sentinelagent

• Red Hat, CentOS, SuSE, Fedora

service sentineld stop
chkconfig --del sentineld
rm -f /etc/init.d/sentineld
umount /opt/sentinelone/mount
sudo rm /usr/local/sentinelctl
rm -rf /opt/sentinelone
userdel sentinelone
sudo rpm -ev --noscripts SentinelAgent

Uninstall SentinelOne from macOS Sentinelctl

• Open terminal on your Mac device.

Anti-Tampering off

$ sudo sentinelctl uninstall --local

Anti-Tampering on

$ sudo sentinelctl unprotect --passphrase "passphrase"

===Sentinel protection has been disabled 

$ sudo sentinelctl uninstall --local 

Uninstalling the agent leaves the endpoint exposed and vulnerable, especially if it's an unsupported device. It is recommended that the removal of the agent is a last resort solution and methods of securing the endpoint after the agent's removal are already in place.