Overview
In some environments, multiple network or content filters may be required, and running more than one at a time can cause potential network conflicts. This article explains how to disable the Network Filtering feature in SentinelOne for macOS when another network/content filter solution is already in place.
Prerequisites
- Access to the SentinelOne Management Console
- Administrative privileges for editing SentinelOne policies
- Existing alternative Network or Content Filter active on Addigy managed devices
How to Disable SentinelOne Network Filtering
Configuration Steps
- Log into the SentinelOne Management Console
- Navigate to your organization's dashboard.
- Go to Policy Overrides
- Click Settings > Policy Overrides.
- Select New Configuration to begin.
- Create a Custom Configuration
- Enter a Name and Description that describe the purpose (e.g., "Disable Network Filtering on macOS").
- Specify macOS as the operating system.
- Assign the appropriate Account or Site rule where you do not want SentinelOne's network filtering to run.
- Set the Configuration Values
Add the following configuration to your new rule:
{ "Firewall": { "AllowNetworkExtensionLoad": false, "AllowPFFiltering": 1 } }- These settings prevent the SentinelOne agent from loading its network extension and maintain packet filtering compatibility.
- Save the Configuration
- Click Save to apply your new configuration rule.
Verification
You can run the following commands to verify the Network Extension is no longer active:
Command Line Verification
Terminal Command:
systemextensionsctl list
If disabled, the output for SentinelOne should indicate:
4AYE5J54KN com.sentinelone.network-monitoring ... [terminated waiting to uninstall on reboot]
Terminal Command:
sudo /usr/local/bin/sentinelctl status
Look for lines indicating Network Extension is not running. (Example below is an active extension running)
Agent Network Monitoring: started Network Extension: running Network Extension Content Filter: active
GUI Verification
- Within the SentinelOne agent user interface on the Mac:
- Check under the status section for:
- Agent Network Monitoring: “started”
- Network Extension: should not be listed as “running”
- Network Extension Content Filter: should not show as “active”
- Check under the status section for:
Additional Notes
- Disabling SentinelOne’s network filtering is only recommended if another network or content filter is fully deployed and managed on the target devices.
- Always confirm changes via both command line and GUI to ensure configuration is applied successfully and devices remain protected.
- For more advanced configuration or troubleshooting, contact Addigy Support or consult SentinelOne product documentation.