The purpose of this article is to share and discuss the system requirements for SentinelOne. SentinelOne offers several different agents for different use cases, so each one will be reviewed. This article will also discuss resolving high CPU and memory utilization of SentinelOne agents.
SentinelOne in comparison to today’s modern hardware has a light footprint. However, there are many organizations that run legacy systems, like Windows XP due to application requirements. Understanding SentinelOne’s utilization of memory and CPU as well as its system requirements will help IT decision makers deploy SentinelOne in a way that provides a good experience for their end users and systems.
Hardware System Requirements for SentinelOne Agent
Processor: 1GHz dual-core CPU or higher
Hard Drive: 2GB of hard drive space
Memory: 1GB of RAM memory or higher if required by OS (2GB recommended)
The hardware system requirements for the SentinelOne agent is relatively light. The actual usage varies by deployment. The system requirements for SentinelOne show that your endpoint system must have at least a 1GHz dual-core CPU or higher, 2GB of hard drive space and 1GB of RAM. Most endpoint systems these days have much more system resources. It is pretty standard to have at least a four-core processor, 8GB of RAM and at least 256GB of SSD storage.
SentinelOne Supported Operating Systems (OS):
Windows: All Windows operating systems starting Windows 7 SP1 through Windows 11 and all Windows Server starting with 2008 R2 SP1 to Server/Core 2019
Windows Legacy Support: Windows XP, Server 2003, Server 2008
MacOS: macOS Catalina, Mojave, High Sierra, Monterey
Linux: Ubuntu, Redhat (RHEL), CentOS, Oracle, Amazon AMI, SUSE Linux Enterprise Server, Fedora, Debian, Virtuozzo, Scientific Linux
Containers: Kubernetes self-managed v1.13+ (self-managed, AWS Kubernetes (EKS), Azure AKS)
Virtualization: Citrix XenApp, Citrix XenDesktop, Oracle VirtualBox, VMware vSphere, VMware Workstation, VMware Fusion, VMware Horizon, Microsoft Hyper-V, Microsoft RDS
SentinelOne System Resource Utilization
The actual usage of system resources varies by deployment. Since EDR is to be deployed on all systems in the environment and may include legacy systems that date back to the days of Windows XP, it is important to reference what actual usage would look like. System specs from years ago were much less powerful than systems today. A benchmark study performed in 2019 by PassMark reveals what usage actually looked like at that time. It showed the following:
- SentinelOne Installation time: 32 seconds
- SentinelOne Installation size: 206.7 MB
- SentinelOne Average time to complete a scan: 38.85 minutes
- SentinelOne CPU usage during scan: 17%
A different benchmark study performed by Passmark in 2017 showed more results:
- SentinelOne CPU usage during idle: 0.84%
- SentinelOne RAM memory usage during idle: 185.6 MB
- SentinelOne installation time: 15 seconds
- SentinelOne installation size: 302.2 MB
Comparing these two benchmarks shows that the installation size had decreased from 2017 to 2019. It should be noted that the test machine from both studies had the following system specs:
Operating System: Windows 10 (64 bit)
Processor: Intel Core i5-4460 CPU @ 3.20GHz 3.20 GHz
RAM: 8GB DDR3 RAM
Hard Disk/SSD: Samsung SSD 850 PRO 512 GB
You should consider that by having system specs that are lower would reduce performance. You can reference these numbers and benchmarks to get an understanding of what a SentinelOne deployment might look like on your systems.
Contact an EDR Specialist
If you would like to do a free proof of concept to benchmark and see how SentinelOne would perform in your environment, please fill out the form below to have an EDR specialist contact you.
EDR Can Sometimes Be a Fickle Beast
EDR solutions in general can be a fickle beast. There are applications that do not play well with EDR solutions, and it is difficult to determine which applications will have problems. These problems usually reveal themselves in the form of higher than normal CPU and memory utilization. The course of action many take is to unfortunately exclude those application servers from your EDR deployment and use an antivirus agent for protection. When these problems occur, it should be reported to SentinelOne support as they may release a patch to fix the issue in their next patch release. They may also have other ideas on how to circumvent the issue.