Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Capture Client new deployment - would not recommend to anyone

We have not had a fun ride with our new implementation of capture client. Today our tenant decided to unlicense all our clients and show that we only have 10 licenses instead of the 250 we had already purchased. Not to mention the list of other issues below.

Capture client is the latest version available 3.5.19

  • All Clients show offline on the tenant web portal
  • All Clients do not show on world map on the tenant web portal
  • No way to disable capture client without uninstalling on windows 10
  • Gpupdate /force on windows 10 machines causes sentinel one to act up
  • Reporting on the tenant doesn't work at all
Category: Capture Client
Reply

Answers

  • LarryLarry Cybersecurity Overlord ✭✭✭

    Following

  • MicahMicah Administrator

    Hello @NSA2650,

    I am sorry to hear about this inconvenience. Please, let me PM you and loop in a few folks so that we can better understand the issue and how to resolve it.

    Kind Regards,

    🖐️ Sr. Manager, Web and Digital, SonicWall. Say "hi" by tagging me at @micah.

  • ThomTurnerThomTurner Newbie ✭

    Hi @NSA2650 ,

    I'd be keen to know more about how GPupdate/force affects S1. We have issues with S1 on citrix Xen App servers, the service will crash and the server goes into slow mode.


    Thanks,

  • FelixFelix Newbie ✭

    For deactivating the CC on host I sse the SentinelCtl.exe

    You can disable the AV with the command: SentinelCtl.exe unload -a -H -s -m -k "passphrase" (passphrase is available via CC console / "download devices" - to CSV )

    For Scripting I use:

    $s1path = Resolve-Path "C:\Program Files\SentinelOne\Sentinel Agent*\SentinelCtl.exe" | select -ExpandProperty path

    &$s1path unload -a -H -s -m -k "passphrase"

  • NSA2650NSA2650 Newbie ✭

    How do you re-enable the client after disabling it?


    1) A restart?

    2) Command line to start it again, if so what's the syntax?


    Thanks.

  • LarryLarry Cybersecurity Overlord ✭✭✭

    @NSA2650

    A reboot should cause the agent to load automatically.

    If you want to do it manually, and have issued the unload command as noted above, you could issue the load command:

    sentinelctl load -a -H -s -m

    This command does not require the passphrase.

    To view the current operation of S1, issue the status command:

    sentinelctl status

    Hope that helps!

Sign In or Register to comment.