Upgrading Capture Client on Linux endpoints

SonicWall Capture Client can be used to protect Linux endpoints across various flavors. Capture Client for Linux only offers the endpoint protection features delivered by the SentinelOne engine and does not support agent lifecycle management enforcement, content filtering and Capture ATP integration. 

Capture Client for Linux does not run any additional processes beyond those required by the SentinelOne engine on Linux endpoints - hence any actions to upgrade the Linux endpoint using policies or device actions will not force an upgrade of the SentinelOne engine.

To upgrade agents on Linux enpoints, administrators must uninstall and reinstall the client for the specific tenants

To uninstall a Linux agent:

1. Login to the Capture Client portal and export the Devices list from Protect -> Devices
2. Copy the SentinelOne passphrase for the Linux endpoint
3. Login to the Linux endpoint as root (sudo will not be enough)
4. Run the following command on the Linux endpoint. Using the unquarantine flag will unquarantine any files still quarantined by the SentinelOne engine. Else such files will be deleted

sudo /opt/sentinelone/bin/sentinelctl control uninstall --passphrase "string" [--output] [--unquarantine]

Before installing our Linux agent, ensure that the Client policy has been configured with the version of SentinelOne to be deployed on the endpoint. 

To install Linux agents, download the installer script from the tenant of choice and execute it on the Linux endpoint.