Capture Client Agent OS Requirements : Windows & Windows Server
Description
This article provides guidance on the supportability of the Capture Client Agent for the Windows platform.
Resolution
Capture Client categorizes Windows operating systems into two groups. The version of the Agent you install depends on the OS present on your endpoints.
| Group | Windows OSs | Next Step |
| Group 1 (Modern) | Windows 11/11 23H2/11 24H2 64-bit Windows 10 64-bit Windows 8.1 64-bit Server/Server Core 2025 Server/Storage Server/Server Core 2022 64-bit Server/Server Core 2019 64-bit Server/Storage Server/Server Core 2016 64-bit Server/Storage Server 2012 R2 64-bit | Refer to: Agent Installers for Group 1 Windows Operating Systems (Modern) |
| Group 2 (Legacy Plus) | Windows 10 32-bit Windows 8.1 32-bit Windows 8 32/64-bit Windows 7 SP1 32/64-bit Server/Storage Server/Server Core 2012 (not R2) 32/64-bit Server 2008 R2 SP1 32/64-bit | Refer to: Agent Installers for Group 2 Windows Operating Systems (Legacy Plus) |
Agent Installer Compatibility with Each Windows OS Group:
| CC Agent Installer | S1 Agent Installer | Windows OS Group 1 (Modern) | Windows OS Group 2 (Legacy Plus) | Behaviour |
| CC 3.9.1 or later | 24.1 or later | Supported | Not Supported | (For Group 1) (For Group 2) |
| CC 3.9.1 or later | 23.4.4.x | Supported | Supported | (For Group 1 and Group 2) For Upgrades, the specified versions of the CC and S1 agents will be upgraded. |
Agent Installers for Group 1 Windows Operating Systems (Modern)
On endpoints installed with any OS from Group 1, use any supported Agent installers: SentinelOneInstaller_windows_64bit_v<version number>.exe or SentinelOneInstaller_windows_64bit_v<version number>.msi.
NOTE: Group 1 installers use 64-bit architecture only. You cannot use Agent installers that use 32-bit architecture. For endpoints with a Windows OS in Group 1, select only Agent installers that use 64-bit architecture
Agent Installers for Group 2 Windows Operating Systems (Legacy Plus)
On endpoints installed with any OS from Group 2, use either:
- Any supported Agent installer up to and including version 23.x:
SentinelOneInstaller_windows_32/64bit_v<version number>.exeorSentinelOneInstaller_windows_32/64bit_v<version number>.msi. - Future Legacy Plus Windows Agent installer:
SentinelOneInstaller_windows_LegacyPlus_32/64bit_v23_100_x.x.exeorSentinelOneInstaller_windows_LegacyPlus_32/64bit_v23_100_x.x.msi
The Legacy Plus Agent installer will be released once a year (more often if critical security issues arise). The Legacy Plus Agent installer may not support new features not related to the security posture of the endpoint, but it will include critical security enhancements and bug fixes.
Supported Editions: Home, Pro, Pro for Workstations, Enterprise, Education, Pro Education, Enterprise LTSC, embedded (UI issue fixed in Agent version 3.4.1.7), Windows 10 IoT Enterprise
Not Supported: Mobile, Windows 10 IoT core, Windows 365 Virtual Desktop, Windows Vista, XP and 2008 SP2 (not R2), 2003 R2 SP2 and 2003 SP2.
The Legacy Plus Windows Agent Installer
- SentinelOne will introduce a new Agent installer for Group 2 OS versions, called the Legacy Plus Windows Agent installer.
- All Legacy Plus Windows Agent installers will have version numbers that begin with 23.100.
- When the Legacy Plus Windows Agent installer is released, you can use it if your endpoints run on any of the OSs listed above.
- The new Legacy Plus Windows Agent installer will continue to secure your endpoints and will be released at a cadence of once a year.
- Releases of Legacy Plus Windows Agent installers will contain:
a. Critical security enhancements and bug fixes.
b. Live security updates. - New features, not related to the security posture of the endpoint, may not be supported in Legacy Plus Windows Agent installers.
Capture Client Management Console supports endpoints (PCs, Laptops & Tablets) running the following operating systems. Capture Client's advanced threat protection is powered by SentinelOne, and the SentinelOne agent is automatically installed and configured according to the Threat Protection security policy. The recommended SentinelOne agent version is listed below.
Guidelines for Windows
| Operating System | Version | Capture Client | SentinelOne Agent | Sentinel Agent (EOS/EOL) |
| Windows Server | 2022 on 64-bit, | 3.10.0 or later | 24.1.4.257 or later | 23.3 |
| Windows Server | 2012 (Not R2) on 32/64 bit, | 3.10.0 or later | 23.4.4.223 or former | 23.3 |
| Windows 11 | 64-bit | 3.10.0 or later | 24.1.4.257 or later | 23.3 |
| Windows 10 | 64-bit | 3.10.0 or later | 24.1.4.257 or later | 23.3 |
| Windows 10 | 32-bit | 3.10.0 or later | 23.4.4.223 or former | 23.3 |
| Windows 8 | Version 8.1 on 64-bit | 3.10.0 or later | 24.1.4.257 or later | 23.3 |
| Windows 8 | Version 8.1 on 32-bit | 3.10.0 or later | 23.4.4.223 or former | 23.3 |
| Windows 8 | Version 8 on 32/64-bit | 3.10.0 or later | 23.4.4.223 or former | 23.3 |
| Windows 7 | Version 7 SP1 on 32/64-bit | 3.10.0 or later | 23.4.4.223 or former | 23.3 |
NOTE: Windows Agents 24.1 and higher are compatible only with specific 64-bit windows OS versions and is not compatible with all 32-bit Windows OS versions.
Table for Supported & Unsupported OS Version for Windows Agent 24.1
| Supported OS versions | Unsupported OS versions |
| Windows 11 64-bit Windows 10 64-bit Windows 8.1 64-bit Server/Storage Server/Server Core 2022 64-bit Server/Server Core 2019 64-bit Server/Storage Server/Server Core 2016 64-bit Server/Storage Server 2012 R2 64-bit | Windows 10 32-bit Windows 8.1 32-bit Windows 8 32/64-bit Windows 7 SP1 32/64-bit Server/Storage Server/Server Core 2012 (not R2) 32/64-bit Server 2008 R2 SP1 32/64-bit Windows Vista SP2 32/64-bit Windows XP SP3 32/64-bit Windows XP SP2 64-bit (AMD64/EM64T) Windows Embedded POSReady 2009 Server 2008 SP2 (not R2) 32/64-bit Server 2003 R2 SP2 32/64-bit Server 2003 SP2 32/64-bit |
Windows Agent Dependencies
Make sure the endpoints are updated with all the latest Microsoft patches for the OS, including but not limited to the known required updates in this table.
| Installation | Notes |
| Windows Defender | You should consider uninstalling Microsoft Defender Antivirus on Windows Server 2016 or 2019 to prevent interoperability issues. On Windows 10, when the Agent registers to the Windows Security Center, SentinelOne becomes the primary Virus and Threat protection, instead of Windows Defender unless a policy override change is made to allow Defender. In Windows 7, 8, and 8.1, the SentinelOne Agent registers to the Windows Security Center along with Windows Defender. SentinelOne does not become primary. You should consider uninstalling Microsoft Defender Antivirus. |
| .NET Framework 4.7.2 and later |
|
| On Windows 10 and Windows Server 2016, install Microsoft KB4093119, to make sure old logs in ProgramData\Sentinel\logs are deleted. | An endpoint should have only 16 log files, taking up no more than 1.6 GB. |
| On Windows 7, Windows 7 Service Pack 1 (SP1), Windows Server 2012, and Windows Server 2008 R2 SP1, install the update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP and add the Registry subkey, as shown in the article. | SentinelOne Management-Agent communication uses TLS 1.2. This is not supported by default in Windows 7. You must install this update and add the registry subkey, as shown in the article. |
| KB3033929 (SHA2) - Security Update for Windows 7 SP1 and Windows Server 2008 R2 | This security update must be installed on Windows 7 SP1 and Windows Server 2008 R2 SP1 to meet the minimum requirements for the installer. |
| KB2758857 for Windows 7 and Windows Server 2008 R2 OR KB2533623 and KB4457144 - Security updates for Windows 7 SP1 and Windows Server 2008 R2 | After you install this update, you must restart the endpoint and run the Agent installation again. |
| Microsoft Windows Volume Shadow Copy Service (VSS) | Configure VSS before you install the Agent. The Agent fills the available amount of VSS, typically 10% of the SYSTEM Drive. Refer to this KB article. |
| GPO Privileges | The administrator who runs Agent installation through group policy must have to RESTORE and TAKE OWNERSHIP privileges to prevent an installer crash. |
| Windows Event Log | The Windows Event Log service must be enabled before you install the Agent. |
| GPO Chrome Extensions | The SentinelOne Chrome extension is part of the Agent installation. When you install or upgrade the Windows Agent with GPO, Chrome extensions must be enabled. |
| Windows Root Certificates | Update Windows Root Certificates. If you do not, it could lead to invalid signature errors. |
| Azure Code Signing (From Agent version 22.3+) | If the endpoint does not get Windows updates, you must install KB5022661 because SentinelOne installation package is signed using a Microsoft Controlled Root Certificate. |
| DigiCert | If the endpoint does not get Windows updates, you must manually install DigiCert for the Agent to communicate with the Management. |
| Windows Services set to Automatic | -Base Filtering Engine Service -Windows Update Service |
Required Windows Administrator Permissions
- The Windows Agent installer works on supported Windows endpoints with default settings. If your environment is hardened with specific changes, the installer might fail or crash. Make sure your environment fulfils these requirements for a successful installation.
- The Windows Agent installation requires Administrator permissions, with write permissions to C:\Users\Public\Documents and C:\ root. Install only as an Administrator, whether local, remote, GPO, or other.
- The Agent Anti-Tampering process restores and takes ownership of files during installation. The user running the installation must have Restore and Take Ownership privileges (default for Windows Administrator).
- The Agent Installer adds a trusted publisher to the machine certificate store that signs the PowerShell profile script of its PowerShell Protection. The local Administrator user must have privileges to install trusted publisher certificates.
- The Agent Installer creates a backup of the ELAM driver in the ELAM backup directory, ELAMBKUP, configured in the system registry. This directory must exist.
- The Agent installs drivers to the Program Files directory. The Program Files directory must be on the system boot volume.
- The Windows System user is required. Do not delete it!
- The Windows Management Instrumentation (WMI) Service (winmgmt) is required.
