Deploying CrowdStrike as a Custom App

By Emalee Firestein

Learn how to deploy the CrowdStrike Falcon agent to your macOS devices as a custom app

This deployment guide is applicable for installing the CrowdStrike Falcon Sensor on macOS 12 (Monterey), macOS 13 (Ventura), and macOS 14 (Sonoma).

Prerequisites
Considerations
Add and Configure the Custom Settings Profile
Add and Configure the Service Management Profile
Add and Configure the Custom App

Prerequisites

CrowdStrike installer from the vendor (Hosts > Sensor Downloads)
Crowdstrike Custom Settings (GitHub Link)
CrowdStrike Service Management Profile (GitHub Link)
CrowdStrike Audit Script (GitHub Link)
CrowdStrike Postinstall script (GitHub Link)

Considerations

The CrowdStrike Settings Profile is designed to facilitate the approval of CrowdStrike across all network content filters, kernel extensions, system extensions, PPPC, and web-filtering requirements. This profile is compatible with both the older Falcon agent using kernel extensions and the latest version utilizing system extensions.
The CrowdStrike Service Management Profile handles essential login and background processes.
If you require it, the Legacy System Extension (KEXT) Settings Profile can be accessed via this GitHub link.
- This profile supports both the Falcon agent with kernel extensions and the newer version with system extensions.
- The KEXT payload is necessary only when using the CrowdStrike Firmware Analysis feature on Intel-based Mac computers.
Please note that depending on the specific CrowdStrike product and version you have installed, there may be variations in app paths, privacy access settings, and kernel or system extension requirements. As with any custom application, we strongly recommend thorough testing before deploying it to a production Mac.

Add and Configure the Custom Settings Profile

Navigate to Library in the left-hand navigation bar.
Click Add New on the top-right, and choose Custom Profile.
Click Add & Configure.
Give your Custom Profile a Name.
For Install on, select Mac.
Assign to your desired Assignment Maps or Classic Blueprints.
Upload the CrowdStrike Settings Profile (or Legacy System Extension (KEXT) settings profile).
Click Save.

Add and Configure the Service Management Profile

The service management profile for Crowdstrike Falcon is compatible with macOS 13 Ventura and later. For macOS Monterey 12 and earlier, an Assignment Map must be used for advanced scoping to prevent the service management profile from being assigned to those devices. To learn more about using rules in Assignment Maps, see our Advanced Assignment Maps Configuration support article.

Navigate to Library in the left-hand navigation bar.
Click Add New on the top-right, and choose Custom Profile.
Click Add & Configure.
Give your Custom Profile a Name.
For Install on, select Mac.
Assign to your desired Assignment Maps or Classic Blueprints. If using Assignment Maps, configure the Assignment Rules in your conditional block to ensure that the profile is only installed on Mac computers running macOS Ventura and later.
Upload the profile that you downloaded previously from GitHub.
Click Save.

Add and Configure the Custom App

In the left-hand menu, click on Library.
Near the top-right, click Add New.
Select Custom App.
Click Add & Configure.
Give the Custom App a Name. Optionally, add a custom icon.
Assign to your desired Assignment Maps or Classic Blueprints.
Change the Installation to Audit and Enforce.
Copy and paste the crowdstrike_ae_script.zsh script from the prerequisites into the Audit & Enforce text box. No modification is required.
Select Installer Package (install .pkg or .mpkg) as the deployment type
Upload the installer package.
Paste the Postinstall Script referenced in the Prerequisites.
- In the Post-Install script, update the customerIDChecksum variable on line 55 with your Customer ID
- Optionally, paste your install token on line 59 inside the installToken variable; otherwise, leave it blank.
Click Save.