-
Products
-
Gen 7 Firewalls
SonicWall's Gen 7 platform-ready firewalls offer performance with stability and superior threat protection — all at an industry-leading TCO.
Read More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
Capture Client Agent OS Requirements : Windows & Windows Server
10/25/2024 
0 People found this article helpful
6,108 Views
Description
This article offers guidance on the supportability of the Capture Client Agent for the Windows Platform.
Resolution
Capture Client Management Console supports endpoints (PCs, Laptops & Tablets) running the following operating systems. Capture Client's advanced threat protection is powered by SentinelOne, and the SentinelOne agent is automatically installed and configured according to the Threat Protection security policy. The recommended SentinelOne agent version is listed below.
Guidelines for Windows | Operating System | Version | Capture Client | SentinelOne Agent | Sentinel Agent (EOS/EOL) |
| Windows Server | 2022 on 64-bit, | 3.9.1 or later | 24.1.4.257 or later | 23.3 |
| Windows Server | 2012 (Not R2) on 32/64 bit, | 3.9.1 or later | 23.4.4.223 or former | 23.3 |
| Windows 11 | 64-bit | 3.9.1 or later | 24.1.4.257 or later | 23.3 |
| Windows 10 | 64-bit | 3.9.1 or later | 24.1.4.257 or later | 23.3 |
| Windows 10 | 32-bit | 3.9.1 or later | 23.4.4.223 or former | 23.3 |
| Windows 8 | Version 8.1 on 64-bit | 3.9.1 or later | 24.1.4.257 or later | 23.3 |
| Windows 8 | Version 8.1 on 32-bit | 3.9.1 or later | 23.4.4.223 or former | 23.3 |
| Windows 8 | Version 8 on 32/64-bit | 3.9.1 or later | 23.4.4.223 or former | 23.3 |
| Windows 7 | Version 7 SP1 on 32/64-bit | 3.9.1 or later | 23.4.4.223 or former | 23.3 |
Note:Windows Agents 24.1 and higher are compatible only with specific 64-bit windows OS versions and is not compatible with all 32-bit Windows OS versions.
Table for Supported & Unsupported OS Version for Windows Agent 24.1
| Supported OS versions | Unsupported OS versions |
| Windows 11 64-bit Windows 10 64-bit Windows 8.1 64-bit Server/Storage Server/Server Core 2022 64-bit Server/Server Core 2019 64-bit Server/Storage Server/Server Core 2016 64-bit Server/Storage Server 2012 R2 64-bit | Windows 10 32-bit Windows 8.1 32-bit Windows 8 32/64-bit Windows 7 SP1 32/64-bit Server/Storage Server/Server Core 2012 (not R2) 32/64-bit Server 2008 R2 SP1 32/64-bit Windows Vista SP2 32/64-bit Windows XP SP3 32/64-bit Windows XP SP2 64-bit (AMD64/EM64T) Windows Embedded POSReady 2009 Server 2008 SP2 (not R2) 32/64-bit Server 2003 R2 SP2 32/64-bit Server 2003 SP2 32/64-bit |
Windows Agent Dependencies
Note:Make sure the endpoints are updated with all the latest Microsoft patches for the OS, including but not limited to the known required updates in this table.
| Installation | Notes |
| Windows Defender | You should consider uninstalling Microsoft Defender Antivirus on Windows Server 2016 or 2019 to prevent interoperability issues. On Windows 10, when the Agent registers to the Windows Security Center, SentinelOne becomes the primary Virus and Threat protection, instead of Windows Defender unless a policy override change is made to allow Defender. In Windows 7, 8, and 8.1, the SentinelOne Agent registers to the Windows Security Center along with Windows Defender. SentinelOne does not become primary. You should consider uninstalling Microsoft Defender Antivirus. |
| .NET Framework 4.7.2 and later | |
| On Windows 10 and Windows Server 2016, install Microsoft KB4093119, to make sure old logs in ProgramData\Sentinel\logs are deleted. | An endpoint should have only 16 log files, taking up no more than 1.6 GB. |
| On Windows 7, Windows 7 Service Pack 1 (SP1), Windows Server 2012, and Windows Server 2008 R2 SP1, install the update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP and add the Registry subkey, as shown in the article. | SentinelOne Management-Agent communication uses TLS 1.2. This is not supported by default in Windows 7. You must install this update and add the registry subkey, as shown in the article. |
| KB3033929 (SHA2) - Security Update for Windows 7 SP1 and Windows Server 2008 R2 | This security update must be installed on Windows 7 SP1 and Windows Server 2008 R2 SP1 to meet the minimum requirements for the installer. |
| KB2758857 for Windows 7 and Windows Server 2008 R2 OR KB2533623 and KB4457144 - Security updates for Windows 7 SP1 and Windows Server 2008 R2 | After you install this update, you must restart the endpoint and run the Agent installation again. |
| Microsoft Windows Volume Shadow Copy Service (VSS) | Configure VSS before you install the Agent. The Agent fills the available amount of VSS, typically 10% of the SYSTEM Drive. Refer to this KB article. |
| GPO Privileges | The administrator who runs Agent installation through group policy must have to RESTORE and TAKE OWNERSHIP privileges to prevent an installer crash. |
| Windows Event Log | The Windows Event Log service must be enabled before you install the Agent. |
| GPO Chrome Extensions | The SentinelOne Chrome extension is part of the Agent installation. When you install or upgrade the Windows Agent with GPO, Chrome extensions must be enabled. |
| Windows Root Certificates | Update Windows Root Certificates. If you do not, it could lead to invalid signature errors. |
| Azure Code Signing (From Agent version 22.3+) | If the endpoint does not get Windows updates, you must install KB5022661 because SentinelOne installation package is signed using a Microsoft Controlled Root Certificate. |
| DigiCert | If the endpoint does not get Windows updates, you must manually install DigiCert for the Agent to communicate with the Management. |
| Windows Services set to Automatic | -Base Filtering Engine Service -Windows Update Service |
Required Windows Administrator Permissions
- The Windows Agent installer works on supported Windows endpoints with default settings. If your environment is hardened with specific changes, the installer might fail or crash. Make sure your environment fulfils these requirements for a successful installation.
- The Windows Agent installation requires Administrator permissions, with write permissions to C:\Users\Public\Documents and C:\ root. Install only as an Administrator, whether local, remote, GPO, or other.
- The Agent Anti-Tampering process restores and takes ownership of files during installation. The user running the installation must have Restore and Take Ownership privileges (default for Windows Administrator).
- The Agent Installer adds a trusted publisher to the machine certificate store that signs the PowerShell profile script of its PowerShell Protection. The local Administrator user must have privileges to install trusted publisher certificates.
- The Agent Installer creates a backup of the ELAM driver in the ELAM backup directory, ELAMBKUP, configured in the system registry. This directory must exist.
- The Agent installs drivers to the Program Files directory. The Program Files directory must be on the system boot volume.
- The Windows System user is required. Do not delete it!
- The Windows Management Instrumentation (WMI) Service (winmgmt) is required.
Related Articles
- Interoperability with Commvault Backup and Recovery
- SentinelOne Agent Version availability with SonicWall Capture Client
YES
NO