This was only tested on a 'partial' SentinelOne installation on the High Sierra beta, where SentinelOne was never allowed to enable it's kernel extension. (Some things failed while I was messing around with OS betas.)
A lot happens in 2+ years, at this point there's a good chance this script will do more harm than good. Read the comments before using!
| launchctl remove com.sentinelone.sentineld-helper | |
| launchctl remove com.sentinelone.sentineld-updater | |
| launchctl remove com.sentinelone.sentineld | |
| launchctl remove com.sentinelone.sentineld-guard | |
| killall SentinelAgent | |
| rm -rf /Library/Extensions/Sentinel.kext | |
| rm -rf /Library/Extensions/Sentinel.kext/Contents | |
| rm -rf /Library/Extensions/Sentinel.kext/Contents/Info.plist | |
| rm -rf /Library/Extensions/Sentinel.kext/Contents/MacOS | |
| rm -rf /Library/Extensions/Sentinel.kext/Contents/MacOS/Sentinel | |
| rm -rf /Library/Extensions/Sentinel.kext/Contents/Resources | |
| rm -rf /Library/Extensions/Sentinel.kext/Contents/Resources/en.lproj | |
| rm -rf /Library/Extensions/Sentinel.kext/Contents/Resources/en.lproj/InfoPlist.strings | |
| rm -rf /Library/Extensions/Sentinel.kext/Contents/_CodeSignature | |
| rm -rf /Library/Extensions/Sentinel.kext/Contents/_CodeSignature/CodeResources | |
| rm -rf /Library/LaunchAgents/com.sentinelone.agent.plist | |
| rm -rf /Library/LaunchDaemons/com.sentinelone.sentineld-guard.plist | |
| rm -rf /Library/LaunchDaemons/com.sentinelone.sentineld-helper.plist | |
| rm -rf /Library/LaunchDaemons/com.sentinelone.sentineld-updater.plist | |
| rm -rf /Library/LaunchDaemons/com.sentinelone.sentineld.plist | |
| rm -rf /Library/Preferences/Logging/Subsystems/com.sentinelone.sentinelctl.plist | |
| rm -rf /Library/Preferences/Logging/Subsystems/com.sentinelone.sentineld-guard.plist | |
| rm -rf /Library/Preferences/Logging/Subsystems/com.sentinelone.sentineld-helper.plist | |
| rm -rf /Library/Preferences/Logging/Subsystems/com.sentinelone.sentineld-updater.plist | |
| rm -rf /Library/Preferences/Logging/Subsystems/com.sentinelone.sentineld.plist | |
| rm -rf /Library/Sentinel | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Frameworks | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Frameworks/Sentinel.framework | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Frameworks/Sentinel.framework/Resources | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Frameworks/Sentinel.framework/Sentinel | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Frameworks/Sentinel.framework/Versions | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Frameworks/Sentinel.framework/Versions/A | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Frameworks/Sentinel.framework/Versions/A/Resources | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Frameworks/Sentinel.framework/Versions/A/Resources/Info.plist | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Frameworks/Sentinel.framework/Versions/A/Sentinel | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Frameworks/Sentinel.framework/Versions/A/_CodeSignature | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Frameworks/Sentinel.framework/Versions/A/_CodeSignature/CodeResources | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Frameworks/Sentinel.framework/Versions/Current | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Frameworks/sentinel.dylib | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Info.plist | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/SentinelAgent.app | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/SentinelAgent.app/Contents | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/SentinelAgent.app/Contents/Info.plist | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/SentinelAgent.app/Contents/MacOS | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/SentinelAgent.app/Contents/MacOS/SentinelAgent | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/SentinelAgent.app/Contents/Resources | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/SentinelAgent.app/Contents/Resources/AppIcon.icns | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/SentinelAgent.app/Contents/Resources/Assets.car | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/SentinelAgent.app/Contents/Resources/Base.lproj | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/SentinelAgent.app/Contents/Resources/Base.lproj/MainMenu.nib | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/SentinelAgent.app/Contents/Resources/CellView.nib | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/SentinelAgent.app/Contents/Resources/DebugMenu.nib | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/SentinelAgent.app/Contents/Resources/MenuPopupView.nib | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/SentinelAgent.app/Contents/Resources/divider.tiff | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/SentinelAgent.app/Contents/Resources/en.lproj | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/SentinelAgent.app/Contents/Resources/en.lproj/InfoPlist.strings | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/SentinelAgent.app/Contents/Resources/en.lproj/Localizable.strings | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/SentinelAgent.app/Contents/Resources/greenBadge.tiff | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/SentinelAgent.app/Contents/Resources/logo.tiff | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/SentinelAgent.app/Contents/Resources/redBadge.tiff | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/SentinelAgent.app/Contents/_CodeSignature | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/SentinelAgent.app/Contents/_CodeSignature/CodeResources | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/sdiagnose | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/sentinelctl | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/sentineld | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/sentineld_guard | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/sentineld_helper | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/sentineld_updater | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Resources | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Resources/COPYRIGHT | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Resources/assets | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Resources/assets/arbiter.db | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Resources/assets/arbiter.db.sig | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Resources/assets/signatures.db | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Resources/assets/signatures.db.sig | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Resources/assets/whitelist-ext.db | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Resources/assets/whitelist-ext.db.sig | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Resources/common.sb | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Resources/en.lproj | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Resources/en.lproj/InfoPlist.strings | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Resources/guard.sb | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Resources/helper.sb | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Resources/sentinel-labs.cer | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Resources/sentineld.sb | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Resources/sentinelone.cer | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Resources/uninstall.sh | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/Resources/whitelist-ext.json | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/_CodeSignature | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/_CodeSignature/CodeDirectory | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/_CodeSignature/CodeRequirements | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/_CodeSignature/CodeRequirements-1 | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/_CodeSignature/CodeResources | |
| rm -rf /Library/Sentinel/sentinel-agent.bundle/Contents/_CodeSignature/CodeSignature | |
| rm -rf /private/etc/asl/com.sentinelone.sentinel | |
| rm -rf /usr/local/share/man/man1/sentinelctl.1 | |
| killall SentinelAgent | |
| pkgutil --forget com.sentinelone.pkg.sentinel-agent |
@avenjamin At my previous job IT had it installed as part of their setup image, but the machine I used was never part of the domain/network. I created this gist at some point when High Sierra was just in beta and I needed to upgrade, and the SentinelOne kext gave me some issues (can't remember exactly what). I then just yeeted it from my system.
I haven't done anything with SentinelOne since then, and I barely know anything about it, so it's likely this script has lots of issues.
I've rm the directories while I was in Recovery Mode, but they are all back when I log into the system after reboot. Disgusting SentinelOne!
When I run your scipt, all commands say ~"Permission denied"
@avenjamin We were also trialing. No specific issues with the product, other than resource usage was higher than I would like. It seems to have a ton of features but I can't really peak to it's effectiveness since the only thing I was alerted to during the trial was a false positive. When our trial expired, the agent was still installed on my machine and the sales people were slow to assist so I took matters into my own hands.