@jramsey - that also may not work if you are already at BigSur. you will need to uninstall and reinstall as the entire client architecture is very different
Ok - the client is not supported on Mojave so you should probably not try to upgrade those until you upgrade then to Catalina. I would recommend the following: 1. Force the upgrade from the Devices list - click on the gear button and select Upgrade Client 2. If that doesn't work, try a reboot.
If neither work, please call into Support for additional assistance.
FWIW, I upgraded several Mac clients and noted the same discrepancy in the KB article with respect to the missing entry ("SentinelOne Extensions") in the specified directory (/Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/).
I did find the file "SentinelOne Extensions.app" in a different directory, however (/Developer/Applications/SentinelOne), which I added to have Full Disk Access.
@Syzygy I don't have a /Developer directory, is it related to Xcode? I purged Xcode a while ago. But I was able to find the "SentinelOne Extensions.app" at /Applications/SentinelOne.
Interesting. When I enter Command+Shift+G to get a prompt and enter either of the following locations:
/Developer/Applications/SentinelOne/
... or ...
/Applications/
it takes me to the same place (which matches your observation):
The only reason I stumbled on this to begin with was because "/Developer/Applications/" was still showing up as the location from a prior occasion some time back, and I made a note of it before switching locations.
On a separate note, I'm experiencing a different problem now though, and wonder if anyone else has seen this. Multiple Macs (all running macOS Catalina) here were upgraded to CC 3.6. Upgrade went fine. Looking at the "Dashboard" on each of the individual clients showed the devices "Online and compliant", Threat Protection enabled, and a custom security certificate as a "Trusted Certificate". All was good.
I then upgraded one of the Macs to macOS Big Sur 11.3.1. For some reason, the same custom certificate that was trusted before is no longer showing up. In the client's SonicWall Capture Client Dashboard, the (formerly functioning, green) section for Trusted Certificates is now complete absent. When looking at "Security Services/Trusted Certificates", it states "No trusted certificates". When I look at the Keychain Access on the Mac in question, the certificate is, in fact, present (in "System Keychains/System") and marked as "trusted for all users". The Macs still running Catalina show the custom certificate as Trusted. (Screen shots below).
Bottom line: Does not appear to be an issue with any policy settings or configuration in the Capture Client 3.6 Management console, and has something to do with the Big Sur upgrade.
Anyone else experience this, or have any ideas on how to resolve this?
BWC mentioned that he enabled "SentinelAgent", which is NOT specified in the KB article. Should "SentinelAgent" also be enabled (given Full Disk Access)?
I did not initially enable it, and its absence did not seem to make a difference. I later enabled it to see if that would resolve a security certificate issue (see post above), but it made no apparent difference.
Dont you think it's about time you fix that misleading KB article shown to the users will updating?
Would let me do other things than answering users questions "i followed the instructions, but extensions is not there" ?
for me the big mistery still is as others have mentioned above:
do we have have to give full disk access to "SentinelAgent" ?
do we have have to give full disk access to "Sentinel Extensions" that now can be found in /Applications/SentinelOne ?
do we even have to give full disk access to "Sonicwall Capture Client" found in /Applications (as suggested by a Sonicwall employee to me while that person was looking at infos available internally at Sonicwall)
You messed up this upgrade big time. At least publish correct information how to fix. NOW.
thanks, back to the remaining xxxx clients for fixing this mess.
The unfortunate aspect of this KB article is that it is based on information directly from SentinelOne - and THEIR doc is wrong.
I use an MSSP for S1 and got the same "bad" information for my Mac clients. Discouraging that we have a procedure to follow that has that one random error in it which is causing untold grief for lots of people.
Comments
Thanks @BWC !
@jramsey - that also may not work if you are already at BigSur. you will need to uninstall and reinstall as the entire client architecture is very different
Lots of messages in those logs saying "Failed to install 'Capture Client 3.6.24'"
@jramsey - what macOS version are you running?
@SuroopMC
We have a mixture of both Catalina and Mojave that are reporting the same thing.
Here is how one of them shows in the 3.5 console
And correspondingly how it show in the 3.6 console.
The 3.5 Console policies are pointed at the 3.6.24 version.
I would recommend the following:
1. Force the upgrade from the Devices list - click on the gear button and select Upgrade Client
2. If that doesn't work, try a reboot.
If neither work, please call into Support for additional assistance.
FWIW, I upgraded several Mac clients and noted the same discrepancy in the KB article with respect to the missing entry ("SentinelOne Extensions") in the specified directory (/Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/).
I did find the file "SentinelOne Extensions.app" in a different directory, however (/Developer/Applications/SentinelOne), which I added to have Full Disk Access.
Hope this helps someone.
@Syzygy I don't have a /Developer directory, is it related to Xcode? I purged Xcode a while ago. But I was able to find the "SentinelOne Extensions.app" at /Applications/SentinelOne.
Quite a scavenger hunt these days :)
--Michael@BWC
Thanks @BWC and @Syzygy - we'll fix the discrepancy in the KB article regarding SentinelOne Extension
Interesting. When I enter Command+Shift+G to get a prompt and enter either of the following locations:
/Developer/Applications/SentinelOne/
... or ...
/Applications/
it takes me to the same place (which matches your observation):
The only reason I stumbled on this to begin with was because "/Developer/Applications/" was still showing up as the location from a prior occasion some time back, and I made a note of it before switching locations.
On a separate note, I'm experiencing a different problem now though, and wonder if anyone else has seen this. Multiple Macs (all running macOS Catalina) here were upgraded to CC 3.6. Upgrade went fine. Looking at the "Dashboard" on each of the individual clients showed the devices "Online and compliant", Threat Protection enabled, and a custom security certificate as a "Trusted Certificate". All was good.
I then upgraded one of the Macs to macOS Big Sur 11.3.1. For some reason, the same custom certificate that was trusted before is no longer showing up. In the client's SonicWall Capture Client Dashboard, the (formerly functioning, green) section for Trusted Certificates is now complete absent. When looking at "Security Services/Trusted Certificates", it states "No trusted certificates". When I look at the Keychain Access on the Mac in question, the certificate is, in fact, present (in "System Keychains/System") and marked as "trusted for all users". The Macs still running Catalina show the custom certificate as Trusted. (Screen shots below).
Bottom line: Does not appear to be an issue with any policy settings or configuration in the Capture Client 3.6 Management console, and has something to do with the Big Sur upgrade.
Anyone else experience this, or have any ideas on how to resolve this?
Thanks in advance.
... and ...
One more follow up question:
BWC mentioned that he enabled "SentinelAgent", which is NOT specified in the KB article. Should "SentinelAgent" also be enabled (given Full Disk Access)?
I did not initially enable it, and its absence did not seem to make a difference. I later enabled it to see if that would resolve a security certificate issue (see post above), but it made no apparent difference.
Thanks.
Dont you think it's about time you fix that misleading KB article shown to the users will updating?
Would let me do other things than answering users questions "i followed the instructions, but extensions is not there" ?
for me the big mistery still is as others have mentioned above:
You messed up this upgrade big time. At least publish correct information how to fix. NOW.
thanks, back to the remaining xxxx clients for fixing this mess.
The unfortunate aspect of this KB article is that it is based on information directly from SentinelOne - and THEIR doc is wrong.
I use an MSSP for S1 and got the same "bad" information for my Mac clients. Discouraging that we have a procedure to follow that has that one random error in it which is causing untold grief for lots of people.