In many configurations, you cannot use the unload command while the agent is in a "protected" state. You must often "unprotect" the agent first using a Passphrase or Token retrieved from the SentinelOne Management Console . Common Usage and Syntax
The SentinelOne Agent is designed with advanced self-protection (anti-tamper) mechanisms. Under normal operating conditions, these services cannot be stopped via the Windows Service Manager or Task Manager. The sentinelctl.exe tool provides a controlled way to manage these services. Sentinelctl.exe Unload
If a machine is experiencing extreme disk space consumption due to VSS Shadow Copies (snapshots), unloading the agent can allow administrators to manually clear shadow storage . In many configurations, you cannot use the unload
This command must be executed from an Administrator command prompt. Under normal operating conditions, these services cannot be
Disabling the agent's monitoring and protection modules without fully uninstalling the software.