Deploying CrowdStrike as a Custom App

By David Marks

Learn how to deploy the CrowdStrike Falcon agent to your macOS devices as a custom app.

Depending on the CrowdStrike product and version installed, the app path, privacy access, and kernel or system extension requirements may change. As with all Custom Apps, we urge you to test this thoroughly before deploying to a Mac that is in production.

Prerequisites

  • Download the installer package for Mac from your CrowdStrike portal (Hosts > Sensor Downloads).
  • Copy the crowdstrike_ae_script.zsh script from the Kandji support GitHub repository (GitHub Link).
  • Download the crowdstrike_settings.mobileconfig file from the Kandji support GitHub repository (GitHub Link). You can right-click the link and select Save link as... to download the mobileconfig file directly.

    • This configuration profile approves CrowdStrike for all of its Network Content Filter, Kernel Extension, System Extension, PPPC, and web-filtering needs. This profile is backward-compatible with the Falcon agent that leverages the kernel extension, as well as the latest Falcon agent that leverages a system extension.

    • A Legacy System Extension (KEXT) version of the profile above can be downloaded here. This profile is backward-compatible with the Falcon agent that leverages the kernel extension, as well as the latest Falcon agent that leverages a system extension.

      The KEXT payload is only needed if the CrowdStrike Firmware Analysis option is being utilized on Intel-based Mac devices.

  • Download the crowdstrike_service_management.mobileconfig file from the Kandji support GitHub repository (GitHub Link). You can right-click the link and select Save link as... to download the mobileconfig file directly.

    • This configuration profile allows managed background items for CrowdStrike.
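
Before uploading either downloaded profile, you can confirm which approvals it actually carries. The Python script below is an added example, not part of the Kandji repository; it assumes the .mobileconfig is an unsigned XML plist, and the sample profile and its EXAMPLETEAM identifier are constructed.

```python
import plistlib
import sys

# Apple payload types for the approvals the article says the two profiles grant.
EXPECTED = {
    "com.apple.webcontent-filter": "Network Content Filter",
    "com.apple.syspolicy.kernel-extension-policy": "Kernel Extensions",
    "com.apple.system-extension-policy": "System Extensions",
    "com.apple.TCC.configuration-profile-policy": "PPPC",
    "com.apple.servicemanagement": "Managed background items",
}


def audit_profile(data: bytes):
    """Return (granted, unexpected) for an unsigned .mobileconfig plist.

    granted:    approvals from EXPECTED that the profile contains
    unexpected: payload types present that the article does not describe
    """
    profile = plistlib.loads(data)
    granted, unexpected = set(), set()
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "<missing PayloadType>")
        if ptype in EXPECTED:
            granted.add(EXPECTED[ptype])
        else:
            unexpected.add(ptype)
    return granted, unexpected


# Constructed sample profile (placeholder team identifier, extra VPN payload).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array>
    <dict><key>PayloadType</key><string>com.apple.system-extension-policy</string>
      <key>AllowedTeamIdentifiers</key><array><string>EXAMPLETEAM</string></array></dict>
    <dict><key>PayloadType</key><string>com.apple.TCC.configuration-profile-policy</string></dict>
    <dict><key>PayloadType</key><string>com.apple.vpn.managed</string></dict>
  </array>
</dict></plist>"""

if __name__ == "__main__":
    # Pass a downloaded profile path as the first argument, or run on the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    granted, unexpected = audit_profile(data)
    print("Grants:", ", ".join(sorted(granted)) or "none")
    print("Not described in the article:", ", ".join(sorted(unexpected)) or "none")
```

Any payload type reported as not described in the article is worth reviewing before the profile is assigned to a Blueprint.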

Add a Custom Profile

  1. Click Library in the left-hand navigation bar.
  2. Click Add New in the upper right-hand corner.
  3. Click Custom Profile from the Add New window.

Configure the Custom Settings Profile

  1. Give the profile a Name.
  2. Assign your custom profile to a test Blueprint.
  3. For Install on, select Mac.
  4. Upload the crowdstrike_settings.mobileconfig (or KEXT version) file you downloaded previously. 
  5. Save your custom profile.

Configure the Service Management Profile

  1. Create a Custom Configuration Profile in Kandji by selecting Library > Add New > Custom Profile > Add & Configure.
  2. Give the profile a Name.
  3. Assign your custom profile to the same test Blueprint as above.
  4. For Install on, select Mac.
  5. When adding this profile, add an Assignment Rule to only apply the profile to computers where the macOS Version is greater than or equal to 13.0, then click Confirm.

  6. Upload the profile that you downloaded previously from GitHub. 

  7. Save your custom profile.

    Using an Assignment Rule for the service management payload ensures this payload is only deployed to Mac computers running macOS Ventura or later. The audit and enforcement script provided by Kandji only checks for the presence of the service management payload on macOS Ventura or later.

Add a Custom App

  1. In the left-hand menu, click on Library.
  2. Near the top-right, click Add New.
  3. Select Custom app.
  4. Click Add & Configure.

Configure Custom App

  1. Give the Custom App a name. Example: CrowdStrike. Optionally, add a custom icon.
  2. Assign to a test blueprint.
  3. Change the installation type to Audit and Enforce.
  4. Copy and paste the crowdstrike_ae_script.zsh script from earlier into the Audit & Enforce text box. No modification is needed.
  5. Select Installer Package (install .pkg or .mpkg) as the deployment type.
  6. Upload the installer package.
  7. Paste the Post-Install Script below.

    #!/bin/sh
    # This script licenses the CrowdStrike Falcon agent
    
    # Put your CrowdStrike Customer ID (CID) with checksum here.
    # Example : customerIDChecksum="A43190DDA81403RANd-91"
    customerIDChecksum="Put Your CID Here"
    
    # Put your install token here if applicable, otherwise leave blank.
    # Example : installToken="A313G7326"
    installToken=""
    
    # license CrowdStrike Agent
    /Applications/Falcon.app/Contents/Resources/falconctl license "${customerIDChecksum}" "${installToken}" 2>&1
    
    exit 0
  8. In the Post-Install script, replace Put Your CID Here with your CrowdStrike CustomerID inside the quotes. Optionally, paste your installToken inside the quotes if applicable; otherwise, leave it blank.

  9. Click Save.