Uninstalling SentinelOne's agent can be done the secure/easy way from the management console, or the more circuitous route, using the endpoint. In this article, we guide you through the process of removing the agent using both aforementioned techniques on Windows, macOS and Linux.
Please note - in order to uninstall the agent you will need to have access to the console, or service provider, from where it was installed to obtain the passphrase, otherwise, a complete rebuild of the endpoint is required.
Online Uninstall directly from the Management Console (All Platforms)
Log into your SentinelOne management portal
Go to the Sentinels tab
Select the machine that you wish to uninstall the software from
Go to actions and select “Uninstall”
Uninstalling from the endpoint
Note: If you have Anti-Tampering turned on you will need the Passphrase to uninstall from the endpoint.
Accessing the Passphrase.
To acquire the passphrase, go through the following steps.
Log into your management portal and find the machine that you wish to uninstall the agent from.
Press on the tab "Actions" and select "Show Passphrase".
Take a note of this passphrase as it will be needed proceeding to the following steps.
Uninstalling SentinelOne from Windows
Go to "Add or Remove Programs”
Search for SentinelOne
Select Uninstall
Now if you have Anti-Tamper switched off in the group policy, the uninstalling process is over, but if not, you need to go through a couple of more steps.
After you press "Uninstall" you need to make a choice “Online” or “Offline” Verification
if you choose "Online" verification, you need to log into the management portal and choose "Approve Uninstall". This process sends the approval signal from the management console to uninstall the agent.
On the other hand, if you choose "Offline", you need to add the "Verification key"; in other words, the passphrase from the management portal.
To acquire the "Passphrase" please follow the steps shown above
Uninstalling SentinelOne from Windows Sentinelctl
Open terminal as admin
Navigate to SentinelOne agent Directory
cd "C:\Program Files\SentinelOne\Sentinel Agent <version>"Uninstall the agent using the passphrase
uninstall.exe /norestart /q /k="<passphrase>"Example
Uninstalling SentinelOne from Linux
Uninstalling using Sentinelctl
Open terminal on the Linux machine as an admin or a privileged user.
sudo /opt/sentinelone/bin/sentinelctl control uninstall --passphrase "passphrase"Uninstalling using Linux commands: We recommend that you use these commands only if sentinelctl and reboot did not successfully remove the agent.
Ubuntu
service sentineld stop
chkconfig --del sentineld
rm -f /etc/init.d/sentineld
umount /opt/sentinelone/mount
rm -rf /opt/sentinelone
sudo rm /usr/local/sentinelctl
userdel sentinelone
rm /var/lib/dpkg/info/sentinelagent.*
dpkg --purge --force-all sentinelagentRed Hat, CentOS, SuSE, Fedora
service sentineld stop
chkconfig --del sentineld
rm -f /etc/init.d/sentineld
umount /opt/sentinelone/mount
sudo rm /usr/local/sentinelctl
rm -rf /opt/sentinelone
userdel sentinelone
sudo rpm -ev --noscripts SentinelAgentUninstall SentinelOne from macOS Sentinelctl
Open terminal on your Mac device.
Anti-Tampering off
$ sudo sentinelctl uninstall --localAnti-Tampering on
$ sudo sentinelctl unprotect --passphrase "passphrase"
===Sentinel protection has been disabled
$ sudo sentinelctl uninstall --local Uninstalling the agent leaves the endpoint exposed and vulnerable, especially if it's an unsupported device. It is recommended that the removal of the agent is a last resort solution and methods of securing the endpoint after the agent's removal are already in place.
