Capture Client - system requirements
08/26/2021 
3 
3910
DESCRIPTION:
Capture Client is a comprehensive endpoint security solution that protects Windows and macOS devices. It is administered from the SonicWall Cloud Management Console, a cloud service requiring only a web browser and an internet connection.
RESOLUTION:
Hardware
To install Capture Client on a Windows PC or mac, the device must meet the following hardware requirements:
| Specification | Minimum | Recommended |
| CPU requirements | 1 GHz | Dual-core processor |
| Memory requirements | 1 GB RAM | 3 GB RAM (Windows), 2 GB RAM (Mac) |
| Storage requirements | 2 GB free disk space |
|
Note: If you are taking snapshots, add an additional 10%.
General Agent Requirements
- CPU micro-architectures such as x86_32, ARM, RISC, MIPS are not supported
- If you use PAN-OS 8.1 (Palo Alto Networks), you must manually add SentinelOne as an approved application.
Operating Systems
Capture Client Management Console supports endpoints (PCs, laptops, tablets, and other devices) running the following operating systems. Capture Client's advanced threat protection is powered by SentinelOne, and the SentinelOne agent is automatically installed and configured according to the Threat Protection security policy. The recommended SentinelOne agent version is listed below.
Windows
| Operating System | Version | Capture Client | SentinelOne Agent |
Windows Server Core
| 2019, 2016, 2012 | 3.6.24 or later | 4.6.14.304 or later |
| Windows Server | 2019
2016
2012 R2, 2012
2008 R2 | 3.6.24 or later | 4.6.14.304 or later |
| Windows Storage Server | 2016, 2012 R2, 2012 | 3.6.24 or later | 4.6.14.304 or later |
Windows 10
| 32- and 64-bit Windows 10 RS5 on 32- and 64-bit | 3.6.24 or later | 4.6.14.304 or later |
| Windows 8 |
Version 8,8.1 on 32- and 64-bit | 3.6.24 or later | 4.6.14.304 or later |
| Windows 7 |
Version 7 SP1 on 32- and 64-bit | 3.6.24 or later | 4.6.14.304 or later |
NOTE: All agents running on Windows that are supported according to SentinelOne’s life cycle are tested for compatibility with each Windows 10 Redstone release. Supported editions of Windows 7, 8, 8.1 and 10 include Home, Pro, Pro for Workstations, Enterprise, Education, Pro Education, and Enterprise LTSC. Core and Mobile editions are not supported
Windows Agent Dependencies
| Installation | Notes |
| Windows Defender | - You should consider uninstalling Microsoft Defender Antivirus on Windows Server 2016 or 2019 to prevent interoperability issues.
- On Windows 10, when the Agent registers to the Windows Security Center, SentinelOne becomes the primary Virus and Threat protection, instead of Windows Defender unless a Policy Override change is made to allow Defender.
- In Windows 7, 8, and 8.1, the SentinelOne Agent registers to the Windows Security Center along with Windows Defender. SentinelOne does not become primary. You should consider uninstalling Microsoft Defender Antivirus.
|
| .NET Framework 4 and later |
|
| On Windows 10 and Windows Server 2016, install Microsoft KB4093119, to make sure old logs in ProgramData\Sentinel\logs are deleted. |
An endpoint should have only 16 log files, taking up no more than 1.6 GB. |
| On Windows 7, Windows 7 Service Pack 1 (SP1), Windows Server 2012, and Windows Server 2008 R2 SP1, install the Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP and add the Registry subkey, as shown in the article. | SentinelOne Management-Agent communication uses TLS 1.2. This is not supported by default in Windows 7. You must install this update and add the registry subkey, as shown in the article. |
| KB3033929 (SHA2) - Security Update for Windows 7 SP1 and Windows Server 2008 R2 | This security update must be installed on Windows 7 SP1 and Windows Server 2008 R2 SP1 to meet minimum requirements for the installer. |
KB2758857 for Windows 7 and Windows Server 2008 R2 OR KB2533623 and KB4457144 - Security updates for Windows 7 SP1 and Windows Server 2008 R2 (Links to the Updates are on the text above) | After you install this update, you must restart the endpoint and run the Agent installation again. |
| Microsoft Windows Volume Shadow Copy Service (VSS) | Configure VSS before you install the Agent. Refer to this KB article |
| GPO Privileges | The administrator who runs Agent installation through group policy must have RESTORE and TAKE OWNERSHIP privileges to prevent an installer crash. |
| DigiCert | If the endpoint does not get Windows updates, you must manually install DigiCert for the Agent to communicate with the Management. |
Windows Services set to Automatic
| Base Filtering Engine Service Windows Update Service |
Required Windows Administrator Permissions
- The Windows Agent installer works on supported Windows endpoints with default settings. If your environment is hardened with specific changes, the installer might fail or crash. Make sure your environment fulfills these requirements for a successful installation.
- The Windows Agent installation requires Administrator permissions, with write permissions to C:\Users\Public\Documents and C:\ root. Install only as an Administrator, whether local, remote, GPO, or other.
- The Agent Anti-Tampering process restores and takes ownership of files during installation. The user running the installation must have Restore and Take Ownership privileges (default for Windows Administrator).
- The Agent Installer adds a trusted publisher to the machine certificate store that signs the PowerShell profile script of its PowerShell Protection. The local Administrator user must have privileges to install trusted publisher certificates.
- The Agent Installer creates a backup of the ELAM driver in the ELAM backup directory, ELAMBKUP, configured in the system registry. This directory must exist.
- The Agent installs drivers to the Program Files directory. The Program Files directory must be on the system boot volume.
- The Windows System user is required. Do not delete it!
macOS
| Operating System | Version | Capture Client | SentinelOne Agent |
| macOS 11.0, 11.1, 11.2,11.3, 11.3.1, 11.4,11.5, 11.5.1,11.5.2 | Big Sur |
3.6.29* or later, 3.6.24 (Intel chipset only)
| 21.5.3.5411* or later, 4.7.11.5281 (Intel chipset only) |
| macOS 10.15.4, 10.15.5, 10.15.6, 10.15.7 | Catalina | 3.6.24 or later | 4.7.11.5281 or later |
| Note: With release of CC 3.6, Kext based agents are no longer supported. Hence, macOS installations older than 10.15.4 are no longer supported. |
|
|
|
* Supports both Apple M1 silicon and Intel chipset Mac endpoints
Linux
- The Linux Agent is not supported on nodes on containers (Kubernetes, OpenShift).
- The Linux Agent supports SELinux.
- All cloud providers (such as GCP, Azure, AWS) support installation of the Linux Agent on instances that fulfill the system requirements.
- The Linux Agent is compiled with 64-bit kernel and libraries. It supports Intel x86_64 compatible architecture and x64 hardware. The Linux Agent does not support 32-bit architecture; CPU micro-architectures such as ppc64, x86_32, ARM, RISC, MIPS; or UNIX OS versions such as FreeBSD, AIX, Solaris.
- The Linux Agent can be installed on Desktops and Servers of the supported distributions, of new kernel versions only (for example: Oracle 6.9 kernel-uek-4.1.12-61*).
- Limitations of older kernels:
- Kernels lower than 2.6 - Not supported.
- Kernels lower than 3.8 - Static AI and Reputation engines are not triggered on new files written to disk, but they do work from Full Disk Scan. Deep Visibility File Modification and Network Action event types are not supported.
- Kernels lower than 3.10 - Containers are not supported.
- Kernels lower than 3.11 - Static AI cannot analyze files as they are written to a container. The Agent analyzes these files when the files are executed.
- The Agent does not support systems with Kernel Lockdown set to Confidentiality.
For example, Fedora 31 kernel 5.3.7 default Kernel Lockdown was "Confidentiality" which is not supported. Fedora 31 kernel 5.5.x default is "Integrity", which is supported.
| Operating System | Version | Capture Client | SentinelOne Agent |
| Amazon Linux | 2018.03
2017.03
AMI 2 | 3.6.24 or later | 4.6.11.5 or later |
| Red Hat Enterprise Linux (RHEL) | 8.0 - 8.3,
7.x
6.4+ | 3.6.24 or later | 4.6.11.5 or later |
| Ubuntu | 20.04,20.04.1,
19.04, 19.10
18.04,18.04.5, 18.04.7
16.04
14.04 | 3.6.24 or later | 4.6.11.5 or later |
| CentOS | 8.0 - 8.3,
7.x,
6.4+ | 3.6.24 or later | 4.6.11.5 or later |
Oracle Linux (OL)
(formerly known as Oracle
Enterprise Linux or OEL) | 8.0 - 8.3,
7.0- 7.8,
6.9, 6.10 | 3.6.24 or later
| 4.6.11.5 or later
|
| SUSE Linux | Enterprise Server 12.x, 15.x | 3.6.24 or later | 4.6.11.5 or later |
| Fedora | 25, 26, 27, 28, 29, 30,
31(starting with kernel 5.5.x),
32,33 | 3.6.24 or later | 4.6.11.5 or later |
| Debian | 8, 9, 10 | 3.6.24 or later | 4.6.11.5 or later |
| Virtuozzo | 7 | 3.6.24 or later | 4.6.11.5 or later |
| Scientific Linux | 6,7 | 3.6.24 or later | 4.6.11.5 or later |
Linux Minimum Hardware Requirements for Agent and for Endpoint Usage
| Minimum for Managed Endpoint | Notes for Agent Requirements |
| 2 GHz Dual-core |
|
| 4 GB RAM | According to distro requirements. |
| 25 GB free disk space for OS | Make sure endpoint size fits requirements for logs, files, services, etc. |
| 2 GB | At least 2 GB in /opt/sentinelone with 3 GB recommended |
| Instruction-supported CPU: SSE4_2 | |
Required Software
- Dependencies: None on baseline distro installations.
If the Linux OS is customized:- Get the list of dependencies:
rpm -qRp SentinelAgent_installerFileName.rpm
or
dpkg -I SentinelAgent_installerFileName.deb - Make sure these kernel flags are set to y:
CONFIG_KRETPROBES=y
CONFIG_KPROBES=y
CONFIG_FTRACE=y
Browser Levels
Based on the operating system you are using, the following browser levels are supported. These browser levels apply to the browser running the Cloud Management Console.
| Browser Supported | Windows Server | Windows 10 | Windows 8 | Windows 7 | Vista | Linux | macOS |
Microsoft Edge (latest version)
| ✓ | ✓ | | | | | |
| Mozilla FireFox (version 52.5 ESR or later) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Google Chrome (latest version) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Apple Safari (latest version) | | | | | | | ✓ |
It is recommended that Administators also review SentinelOne Version availability with Capture Client before installation and upgrades.
SentinelOne Agent compatibility with Capture Client
Please refer to this KB article for details
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
Email SecurityProtect against today’s advanced email threats
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
