Deploying CrowdStrike as a Custom App

Prerequisites

Intel-based Mac computers require the KEXT version of the Crowdstrike settings profile when using Crowdstrike's Firmware Analysis feature. If you are not using Firmware Analysis, we recommend using the non-KEXT versions of the custom settings below.

• CrowdStrike installer from the vendor (Hosts > Sensor Downloads)

• Crowdstrike Custom Settings

  • All Mac Architectures

    • macOS 15 (Sequoia) (GitHub Link)

  • Apple Silicon

    • macOS 12 (Monterey) - macOS 14 (Sonoma) (GitHub Link)

  • Intel with KEXT

    • macOS 12 (Monterey) - macOS 14 (Sonoma) (GitHub Link)

• CrowdStrike Service Management Profile

  • macOS 13 (Ventura) - macOS 15 (Sequoia) (GitHub Link)

• CrowdStrike Audit Script (GitHub Link)

• CrowdStrike Postinstall script (GitHub Link)

Considerations

• The CrowdStrike Settings Profile is designed the facilitate the approval of CrowdStrike across all network content filters, kernel extensions, system extensions, PPPC, and web-filtering requirements. This profile is compatible with both the older Falcon agent using kernel extensions and the latest version utilizing system extensions.

• The CrowdStrike Service Management Profile handles essential login and background processes.

• If you require it, the Legacy System Extension (KEXT) Settings Profile can be accessed via this GitHub link.

  • This profile supports both the Falcon agent with kernel extensions and the newer version with system extensions.

  • The KEXT payload is necessary only when using the CrowdStrike Firmware Analysis feature on Intel-based Mac computers.

• Please note that depending on the specific CrowdStrike product and version you have installed, there may be variations in app paths, privacy access settings, and kernel or system extension requirements. As with any custom application, we strongly recommend thorough testing before deploying it to a production Mac.

Add and Configure the Custom Settings Profile

1. Navigate to Library in the left-hand navigation bar.

2. Click Add New on the top-right, and choose Custom Profile.

3. Click Add & Configure.

4. Give your Custom Profile a Name.

5. For Install on, select Mac.

6. Assign to your desired Assignment Maps or Classic Blueprints.

7. Upload the CrowdStrike Settings Profile (or Legacy System Extension (KEXT) settings profile).

8. Click Save.

Add and Configure the Service Management Profile

The service management profile for Crowdstrike Falcon is compatible with macOS 13 Ventura and later. For macOS Monterey 12 and earlier, an Assignment Map must be used for advanced scoping to prevent the service management profile from being assigned to those devices. To learn more about deploying Crowdstrike in Assignment Maps, follow the Deploying with Assignment Maps section.

1. Navigate to Library in the left-hand navigation bar.

2. Click Add New on the top-right, and choose Custom Profile.

3. Click Add & Configure.

4. Give your Custom Profile a Name.

5. For Install on, select Mac.

6. Assign to your desired Assignment Maps or Classic Blueprints. If using Assignment Maps, configure the Assignment Rules in your conditional block to ensure the profile is only installed on Mac computers running macOS Ventura and later.

7. Upload the profile that you downloaded previously from GitHub.

8. Click Save.

Add and Configure the Custom App

1. In the left-hand menu, click on Library.

2. Near the top-right, click Add New.

3. Select Custom App.

4. Click Add & Configure.

5. Give the Custom App a Name. Optionally, add a custom icon.

6. Assign to your desired Assignment Maps or Classic Blueprints.

7. Change the Installation to Audit and Enforce.

8. Copy and paste the crowdstrike_ae_script.zsh script from the prerequisites into the Audit & Enforce text box. No modification is required.

9. Select Installer Package (install .pkg or .mpkg) as the deployment type

10. Upload the installer package.

11. Paste the Postinstall Script referenced in the Prerequisites.

    • In the Post-Install script, update the customerIDChecksum variable on line 55 with your Customer ID

    • Optionally, paste your install token on line 59 inside the installToken variable; otherwise, leave it blank.

12. Click Save.

Deploying with Assignment Maps

There are four Crowdstrike Custom Profiles that need conditional logic to ensure they are deployed to the correct devices. An Assignment Map provides an easy solution for all of your devices in one convenient view.

Please review our Getting Started with Assignment Maps and Advanced Assignment Maps Configuration  articles.

1. Start with the For All devices on this Blueprint conditional block.

2. Assign the Crowdstrike Custom App to the block.

   • If multiple Custom Apps are needed, create a conditional block with conditions for the different versions of the installer.

3. Set the top of the conditional block to If macOS is greater than or equal to 15.0.

4. Assign the crowdstrike_settings_macOS15 Custom Profile to the conditional block.

5. Set the top of the conditional block to If Chip type is Apple Silicon.

6. Assign the crowdstrike_settings Custom Profile to the conditional block.

7. Set the bottom conditional block to else if Chip type is Intel.

8. Assign the crowdstrike_settings_with_kext Custom Profile to the conditional block.

9. Set the top of the conditional block to If macOS is greater than or equal to 13.0.

10. Assign the crowdstrike_service_management Custom Profile to the conditional block.