Deploying CrowdStrike as a Custom App

Learn how to deploy the CrowdStrike Falcon agent to your macOS devices as a custom app

• Prerequisites
• Considerations
• Add a Custom Profile
• Configure the Custom Settings Profile
• Configure the Service Management Profile
• Add and Configure a Custom App

Prerequisites

• CrowdStrike installer from the vendor (Hosts > Sensor Downloads)
• CrowdStrike Service Management Profile (GitHub Link)
• Crowdstrike Settings (GitHub Link)
• CrowdStrike Audit Script (GitHub Link)
• CrowdStrike Postinstall script (GitHub Link)

Considerations

• The CrowdStrike Settings profile approves Crowdstrike for all of its Network Content Filters, Kernel Extensions, System Extensions, and PPPC, and web-filtering needs. This profile is backward-compatible with the Falcon agent that leverages the kernel extension, as well as the latest Falcon agent that leverages a system extension.

• The CrowdStrike Service Management profile manages necessary login and background items.

• If needed, the Legacy System Extension (KEXT) settings profile can be downloaded from this GitHub link. This profile is backward-compatible with the Falcon agent that leverages the kernel extension, as well as the latest Falcon agent that leverages a system extension.  The KEXT payload is only needed if the CrowdStrike Firmware Analysis option is being utilized on Intel-based Mac computers.

• Depending on the Crowdstrike product and version installed, the app path, privacy access, and kernel or system extension requirements may change. As with all Custom Apps, we urge you to test this thoroughly before deploying to a Mac that is in production.

Add a Custom Profile

1. Click Library in the left-hand navigation bar.
2. Click Add New in the upper right-hand corner.
3. Click Custom Profile from the Add New window.

Configure the Custom Settings Profile

1. Give the profile a Name.
2. Assign your custom profile to a test Blueprint.
3. For Install on, select Mac.
4. Optionally, configure Assignment Rules.

5. Upload the CrowdStrike Settings Profile (or Legacy System Extension (KEXT) settings profile).

6. Click Save.
   
   

Configure the Service Management Profile

Using an Assignment Rule for the service management payload ensures this payload is only deployed to Mac computers running macOS Ventura or later. The audit and enforcement script provided by Kandji only checks for the presence of the service management payload on macOS Ventura or later.

1. Create a Custom Configuration Profile in Kandji by selecting Library > Add New > Custom Profile > Add & Configure.
2. Give the profile a Name.
3. Assign your custom profile to the same test Blueprint as above.
4. For Install on, select Mac.

5. When adding this profile, add an Assignment Rule to only apply the profile to computers where the macOS Version is greater than or equal to 13.0, as shown below. Click Confirm.

   

6. Upload the profile that you downloaded previously from GitHub. 

7. Save your custom profile.
   

Add and Configure a Custom App

1. In the left-hand menu, click on Library.
2. Near the top-right, click Add New.
3. Select Custom app.
4. Click Add & Configure.
5. Give the Custom App a name. Optionally, add a custom icon.
6. Assign to your desired blueprint.
7. Optionally, configure Assignment Rules.
   
8. Change the installation type to Audit and Enforce.
9. Copy and paste the crowdstrike_ae_script.zsh script from the prerequisites into the Audit & Enforce text box. No modification is needed.
   
10. Select Installer Package (install .pkg or .mpkg) as the deployment type
11. Upload the installer package.
12. Paste the Postinstall Script referenced in the Prerequisites.
13. In the Post-Install script, update the customerIDChecksum variable on line 55  with your Customer ID
14. Optionally, paste your install token on line 59 inside the installToken variable; otherwise, leave it blank.
15. Click Save.