SentinelOne (S1): Manually Restore Network Connectivity

Description

You must be logged into your SentinelOne Management portal at the following URL to view SentinelOne linked articles.

Steps to Manually Restore Network Connectivity after Network Quarantine

 

Use these steps when the device is not reporting back to the S1 console, so Network Restoration cannot be performed from the console.

  • This will require someone to be physically at the isolated device to run the required commands.
  1. Retrieve the Passphrase for the S1 agent/Device in question.
    1. Log in to the S1 management console.
    2. Navigate to Sentinels and locate the device.
    3. Select the checkbox for the device.
    4. From the purple Actions button, hover over Agent Actions and select Show Passphrase.

    5. Note/Copy the Passphrase for use in Step 4.
  2. Open up Command Prompt with Run as Administrator.
  3. Go to the folder where the file SentinelCtl.exe resides.
    1. cd "C:\Program Files\SentinelOne\Sentinel Agent <version>"
    2. NOTE: The Sentinel Agent folder version will vary depending on the S1 agent version currently being used.
  4. Run the following commands:
    1. sentinelctl.exe unprotect -k "<Passphrase>"
      1. NOTE: You will need to replace <Passphrase> with the passphrase retrieved for the device in Step 1.
    2. sentinelctl.exe unquarantine_net
    3. sentinelctl protect
  5. You may see network connectivity restored, but some services may require a restart to begin working correctly.
    1. We recommend restarting the device to make sure all services and connectivity are working and continue to work.
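
The same sequence as a script, as an added example (not SentinelOne's or this article's own code). It is meant to be saved as a .ps1 file and run from an elevated PowerShell session instead of Command Prompt. It resolves the versioned agent folder rather than hard-coding it and always runs the protect command again, even if an earlier command fails. Assumptions: the most recently modified "Sentinel Agent" folder is the active one, and the exit codes are printed only for the operator to review because their meaning is not documented on this page.

```powershell
#Requires -RunAsAdministrator
# Added example: wraps the three SentinelCtl commands from the steps above.
$ErrorActionPreference = 'Stop'

# The agent folder name carries the version, so resolve it instead of hard-coding it.
$agentDir = Get-ChildItem -Path 'C:\Program Files\SentinelOne' -Directory -Filter 'Sentinel Agent *' |
    Sort-Object LastWriteTime -Descending |   # assumption: newest folder is the active agent
    Select-Object -First 1
if (-not $agentDir) { throw 'No "Sentinel Agent <version>" folder found.' }

$ctl = Join-Path $agentDir.FullName 'SentinelCtl.exe'
if (-not (Test-Path $ctl)) { throw "SentinelCtl.exe not found in $($agentDir.FullName)" }

# Prompt for the passphrase from Step 1 without echoing it to the screen.
$secure = Read-Host -Prompt 'Passphrase from the S1 console' -AsSecureString
$passphrase = [System.Net.NetworkCredential]::new('', $secure).Password

try {
    # PowerShell quotes the argument itself, so a passphrase containing spaces is passed intact.
    & $ctl unprotect -k $passphrase
    Write-Host "unprotect exit code: $LASTEXITCODE"

    & $ctl unquarantine_net
    Write-Host "unquarantine_net exit code: $LASTEXITCODE"
}
finally {
    # Never leave the agent unprotected, whatever happened above.
    & $ctl protect
    Write-Host "protect exit code: $LASTEXITCODE"
    $passphrase = $null
}
```

The restart recommended in the last step still applies after the script finishes.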
