Advance Notice: EDR Mac 22.1 GA and Linux Agent Update

We are pleased to announce that Tuesday, June 14, the Endpoint Detection and Response (EDR) product will be releasing new agents for both Mac and Linux. The Mac agent will see an update to 22.1 GA ( and the Linux agent will see an update to 22.1 GA ( We strongly recommend upgrading these agents as soon as possible to provide the maximum level of protection available.

New and improved in Mac 22.1 GA (

  • Improved detection capabilities
  • General bug fixes and improvements

For the full list of Bug Fixes please see the Release Notes link below

New and improved in Linux 22.1 GA (

Ubuntu Support

Linux 22.1 GA brings with it support for Ubuntu 22.04

Memory Capping Enhancements

Agent memory limits are enabled by default for systems with less than 500GB of memory. If values for both a percent and size are configured, the Agent uses the lower of the two values.

Performance Improvements

To improve Agent performance, reduce memory usage, and reduce event handling time, the internal data model the Agent keeps is now stored fully in memory. The RocksDB database and the /opt/sentinelone/model/model.db folder are no longer created during Agent installation.

Application Control Updated (Standalone Only)

You can now configure Application Control to alert and dispatch threats as malicious. 

New eBPF Improvements

To further improve Agent performance, SentinelOne is using the Extended Berkeley Packet Filter (eBPF) to collect operating system telemetry events (where the OS supports it). eBPF features are gradually added over future Agent releases. The eBPF feature released in this Agent is in regards to the perf provider enhanced to use the eBPF framework to track file create, delete, and rename events.

For the full list of Bug Fixes please see the Release Notes link below

For full details on all updates please check out our Release Notes:

This entry was posted in N-central, N-sight. Bookmark the permalink.