1

I’m the admin for the North American arm of a company who had been evaluating several AV products. We did not receive notice from the parent company to uninstall one of those products before the evaluation expired. I now have 1 server, 1 desktop and 1 laptop installed SentinelOne without access to the console to get the uninstall key. I’ve been told there are two applications, SentinelSweeper and SentinelCleaner that can uninstall the product without the key. If I contact my parent company, they tell me the key can no longer be generated and deactivated the lock on all clients before the expiration. (Didn’t work for me apparently). If I contact SentinelOne for the application, they’ve feigned ignorance of a cleaner product. Does anyone have either Sweeper or Cleaner or maybe a link where I can download it? My only other option would be to reformat these machines.

THANKS

7 Spice ups
2

You should try to find someone from SentinelOne support to help your situation. If your issue is legitimate then they should be able to help you.

It’s highly inadvisable for anyone to give you the S1 sweeper - because a so-called “bad actor” can get a hold of the sweeper and deploy it in a mass scale.

1 Spice up
3

Understood, but they’re unwilling to even acknowledge the existence and won’t escalate without an active account. They should make a tool available for someone with local admin rights. Kaspersky does KAVCLEANER. You can even download it from their site. Trend Micro used to, but I haven’t used them in years. They posted a reg fix.

1 Spice up
4

I have the same problem and I am actually a subscriber. I have a workstation which will not connect back to the console, and the uninstall key doesn’t work.

Support in Australia seems none existent

5

I have the same problem… I was testing for a Symantec replacement… sentinel was not the product we selected and now - after the evaluation expired - I need to remove it.

Does, some knows about the cleaner location

6

I have a legitimate case as I was a SentinelOne user. I had agents installed under the Solarwinds tenant. I had since severed my relationship with Solarwinds and therefore my login no longer works. I contacted SentinelOne support in March and they provided me a link to the cleaner software software. I couldn’t get it to work remotely on my customer because the pc has to be booted in safe mode. A few months later I am registered reseller of SentinelOne through Pax8. I cannot get the new agents to install because the old need to be removed first. I tried the download link and it no longer works. I contacted SentinelOne support and they would not provide me the link or even open a support ticket, or reopen my ticket from a few months ago. They would not provide me any assistance at all. NOTHING!!!

SENTINELONE is the worst customer support. Never use their software.

My only option was to wipe the drive and reinstall Windows.

Completely UNACCPTABLE.

7

I was able to resolve this, but only because we migrated over to S1. Once I had access to the console, I could remove the agent. Prior to that, S1 told me the only fix was to reimage. Sad.

8

Running into this myself. I’d like to better understand the mechanism by which Microsoft can allow a software vendor’s product to be installed such that it’s impossible to remove it - even with local physical access and an admin account - without some magic ‘forgetmestick’ we have to beg the vendor to release. Even with all files deleted (that I can find, via system recovery reboot to shell), registry cleaned of all entries with the ‘sentinelone’ name, etc. - that’s just not right on so many levels.

Any comments on what the S1 installer / sw agent is using / doing to achieve the ‘tamper protection’?

9

Seems to me that SentinelOne is among the MANY managed AV’s out there that local IT shops will install without knowledge of the client (I am running into this myself). Trying to remove this is seemingly impossible.