Deploying CrowdStrike as a Custom App

By David Marks

Learn how to deploy CrowdStrike's Falcon agent to your macOS devices as a custom app.

Download Custom Profile

For the easiest deployment, we've created a downloadable configuration profile that will approve Crowdstrike for all of its Network Content Filters, Kernel Extensions, System Extensions, and PPPC. and web-filtering needs. This profile is backward-compatible with the Falcon agent that leverages the kernel extension, as well as the latest Falcon agent that leverages a system extension.

Download the custom profile here.

A KEXT-less version of the profile above can be downloaded here.

The KEXT payload is only needed if the CrowdStrike Firmware Analysis option is being utilized on Intel-based Mac devices.

Add a Custom Profile

  1. Click Library in the left-hand navigation bar.
  2. Click Add New in the upper right-hand corner.
  3. Click Custom Profile from the Add New window.

Configure the Custom Profile

  1. Give the profile a Name.
  2. Set the Device Families to Mac.
  3. Assign your custom profile to a test Blueprint.
  4. Upload either the crowdstrike_settings_with_kext.mobileconfig or crowdstrike_settings.mobileconfig file you downloaded previously. 
  5. Save your custom profile.

Add a Custom App

  1. Click Library on the left-hand navigation bar.
  2. Click Add New in the upper right-hand corner.
  3. Click Custom App from the Add New window

Configure the Custom App

  1. Give your custom app a Name.
  2. Assign your custom app to a test Blueprint.
  3. Select Audit and Enforce as the execution frequency.
  4. Paste the Audit Script from the Kandji support GitHub into the Audit Script text field (No modifications needed).
  5. Select Installer Package (install .pkg or .mpkg) 
  6. Upload your FalconSensor package.
  7. Paste the Post-Install Script from below.
    #!/bin/sh
    # This script licenses the CrowdStrike Falcon agent
    # Put your install token here if applicable, otherwise leave blank. Example : customerIDChecksum="A43190DDA81403RANd-91"
    customerIDChecksum="Put Your CID Here"
    # Put your install token here if applicable, otherwise leave blank. Example : installToken="A313G7326"
    installToken=""
    # license CrowdStrike Agent
    /Applications/Falcon.app/Contents/Resources/falconctl license ${customerIDChecksum} ${installToken} 2>&1
    exit 0
  8. In the Post-Install script, replace Put Your CID Here with your CrowdStrike CustomerID inside the quotes. (optionally) Paste your installToken inside the quotes if applicable, otherwise leave blank.
  9. Click Save.

Depending on the Crowdstrike product and version installed, the app path, privacy access, and kernel or system extension requirements may change. As with all Custom Apps, we urge you to test this thoroughly before deploying to a Mac that is in production.