SentinelOne Script Suddenly Stopped Working

The below script would run with no issues but suddenly it stopped working. The script still does successfully create the temp directory and downloads the file into the directory but it never runs.


Here’s mine. I would work in a check to see if a key actually exists and exit if not. With the file attached to the script, it will make the directory if it doesn’t exist; you shouldn’t need the MD part. Maybe that’s where it is erroring out, because the directory already exists. The file download part is done before the script ever runs. Scripts are packaged into a PS1 and run locally, so it downloads the file, then runs the PS1 file.

Import-Module $env:SyncroModule

# Run the installer only when a site token was supplied
if ($sitetoken -ne "") {
    C:\temp\S1Agent.exe /SITE_TOKEN=$sitetoken /SILENT /NORESTART
}
else {
    Write-Host "No Site Token Detected"
}

In most of my scripts, I do a folder check, create if it doesn’t exist, or move on if it does. This will help prevent some errors from stopping the script from continuing. As I mentioned above, I haven’t had to do it on any scripts that have files attached.

$workingdir = "c:\temp"

# Test if the working directory exists; create it if it does not
if (!(Test-Path $workingdir)) {
    New-Item -ItemType Directory -Force -Path $workingdir
}

error> md : An item with the specified name C:\temp already exists.
error> At C:\ProgramData\Syncro\bin\fa9d7628-2a85-48ba-8bc0-bab0d8f978ea.ps1:3 char:1
error> + md c:\temp
error> + ~~~~~~~~~~
error> + CategoryInfo : ResourceExists: (C:\temp:String) [New-Item], IOException
error> + FullyQualifiedErrorId : DirectoryExist,Microsoft.PowerShell.Commands.NewItemCommand
error> Timed out (00:10:00).

Yes sir, just as I mentioned, the directory already exists, so there’s no need to run MD. MD does not validate and will error if it exists.

I removed the MD. I only added it because it used to throw an error that the path does not exist. Now that I removed it, it just gets timed out.

Check if the process actually starts. If for some reason the site token doesn’t pass through, I’ve seen the S1 installer stay running indefinitely. Also try the EXE and see if you get the same results. When I put my script together, every document I could find listed the EXE for silent deployments.
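The checks discussed in this thread (token present, directory present, process actually started, bounded wait) combined into one script, as an added example that is not part of any post above and is not Syncro's or SentinelOne's own code. It assumes `$sitetoken` is the Syncro script variable used earlier and that the installer is attached as `C:\temp\S1Agent.exe`; the 8-minute limit and the Authenticode signature check are additions of this example.

```powershell
# Added example, not code from the thread. $sitetoken is the Syncro script
# variable used in the thread; the 8-minute limit is an assumed value.
Import-Module $env:SyncroModule

$workingDir  = 'C:\temp'
$installer   = Join-Path $workingDir 'S1Agent.exe'
$timeoutSecs = 480   # assumption: stay under the 10-minute runner limit

# Stop early if the token never reached the script.
if ([string]::IsNullOrWhiteSpace($sitetoken)) {
    Write-Host 'No Site Token Detected'
    exit 1
}

# Create the directory only when it is missing (avoids the md error).
if (-not (Test-Path -Path $workingDir -PathType Container)) {
    New-Item -ItemType Directory -Force -Path $workingDir | Out-Null
}

# The attached file should already be here; fail clearly if it is not.
if (-not (Test-Path -Path $installer -PathType Leaf)) {
    Write-Host "Installer not found at $installer"
    exit 1
}

# Refuse to run a binary whose Authenticode signature does not validate.
$sig = Get-AuthenticodeSignature -FilePath $installer
if ($sig.Status -ne 'Valid') {
    Write-Host "Installer signature status: $($sig.Status)"
    exit 1
}

# Start the installer and keep the process object so it can be checked.
$arguments = @("/SITE_TOKEN=$sitetoken", '/SILENT', '/NORESTART')
$proc = Start-Process -FilePath $installer -ArgumentList $arguments -PassThru
$null = $proc.Handle   # cache the handle so ExitCode is readable later
Write-Host "Started S1Agent.exe with PID $($proc.Id)"

# Wait with a limit so a hung installer is reported, not silently timed out.
if (-not $proc.WaitForExit($timeoutSecs * 1000)) {
    Write-Host "Installer (PID $($proc.Id)) still running after $timeoutSecs seconds"
    exit 1
}

Write-Host "Installer exited with code $($proc.ExitCode)"
exit $proc.ExitCode
```

The script output then shows which stage failed: missing token, missing file, bad signature, a hung installer, or a non-zero exit code.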

Hi All
I’ve used the script above in order to deploy S1 to the machine but it didn’t work. Anyone have any other script?
thanks