SentinelOne agent command line tool
Description
sentinelctl is a command line tool that can be used to execute actions on a Windows/MACOS endpoint. This can be typically used to unprotect, unload/disable, load/re-enable, protect and perform policy updates for S1 Agent on your devices. 
CAUTION: We recommend that you do not use this for any other purpose unless Support suggests.
WINDOWS:
Open Command Prompt and run as an administrator
Go to the C:\Program Files\SentinelOne\Sentinel Agent <Version>
To run the tool: sentinelctl <command> [options]
To see all options of a command: sentinelctl -help
MACOS:
Open terminal
Go to the /Library/Sentinel
To run the tool: sudo sentinelctl <command> [make sure to run with sudo as it will only work when run as an admin]
To see all the options of a command: sentinelctl -help
Resolution
SENTINELONE COMMANDS:
To disable Anti-Tampering:
sentinelctl unprotect -k <S1 Passphrase>
NOTE: Please refer to end of the article on how to obtain S1 passphrase
To Enable Anti-Tampering:
sentinelctl protect
To Stop the Agent Services:
sentinelctl unload -m -a
To Start the Agent services:
sentinelctl load -m -a
To connect a disconnected endpoint/To remove network quarantine and connect back to network:
sentinelctl unquarantine_net -k <S1 Passphrase>
To Restart the Agent Services:
sentinelctl reload -m -a
To Get the Status of Agent Services and Policy Basics:
sentinelctl status
TIP: If you see the output for Mitigation Policy: none then it means "The Agent does not enforce policy with mitigation" whereas for Mitigation Policy: quarantineThreat means "The Agent enforces policy with kill and quarantine mitigation".
To Check if Full Disk Scan is in Progress:
sentinelctl is_scan_in_progress TIP: It will return the output as Full disk scan in progress: True or False
To Scan a Folder:
sentinelctl scan_folder -i path TIP: Use the option -i, --infile to scan a folder. If you do not use this parameter then the complete drive is scanned
To Check if S1 Agent ever Connected to Management:
sentinelctl ever_connected_to_management
EXAMPLE: Sample Output "Mgmt key part: 4ba007899be132d45a1590ds4f2ff2f2f031c4ffa3"
To Enable or Disable IE protection:
sentinelctl ie_protection [-e|-d] -k <S1 Passphrase>
Options:
-e, --enable [Enables IE protection]
-d, --disable [Disables IE protection] NOTE: This command requires reboot to apply.
To Disable Windows Security Center (WSC):
sentinelctl config agent.wscRegistration {1 | 0 } -k <S1 Passphrase> NOTE: It is not recommended to disable WSC. By default, the SentinelOne Windows Agent registers with WSC as anti-virus protection and Windows Defender is disabled.
To Change the Configuration Values of S1 Windows Agent:
sentinelctl config [-p] parameter [-d] [-v] value [-f {json | default}] -k "S1 Passphrase"
Options:
-p, --parameter [Specify the parameter to get or change. This flag is optional, but if not used to prefix the parameter name, the -v flag must not be used to prefix the value]
-d, --delete [Undo the change last made to this value through sentinelctl]
-v, --value [Set the configuration of the parameter to this value. If a value is not given, output shows the current value. If the -p flag is not used to prefix the parameter name, the -v flag must not be used to prefix the value]
-f, --format [Output configuration to json format or two-column text. To save as a file, use a redirect]
-k, --key [If Anti-Tampering is enabled on the Agent, all configure commands require validation]
HOW TO OBTAIN S1 PASSPHRASE?
S1 Passphrase can be obtained by Capture Client admin (from management console) for the device. Go to Assets> Devices section and click on export icon 
to download devices list
Look for "S1 Passphrase" in the csv file for the respective device in the downloaded list