Skip to main content
  1. Addigy
  2. Policies & Catalog
  3. Smart Software

Deploying CrowdStrike Using Addigy

Updated:

This article serves as a guide on how to deploy CrowdStrike Falcon using Addigy. 

Table of Contents

Note: The MDM profiles discussed in this article should be deployed prior to deploying the CrowdStrike Application.

What do I need to get started? 

For starters, you will need a macOS PKG installer from CrowdStrike to upload into Addigy.  

Once you have the PKG, upload that into Addigy and an installation script will be provided for you by pressing the "Add" button as seen below: 

The installation script should look similar to the below: 

falcon="INSERT LICENSE HERE"
falconpath="/Applications/Falcon.app/Contents/Resources/falconctl"

/usr/sbin/installer -pkg "/Library/Addigy/ansible/packages/Falcon (1.0)/FalconSensorMacOS.pkg" -target /

sudo $falconpath license $falcon

I created the Custom Software item, now what? 

We're glad you asked!

Most Antivirus/Antimalware tools require the same three items to be deployed before the application is on the device: 

  1. System/Kernel Extensions 
  2. Full Disk access (FDA) 
  3. Web Content Filters (Sometimes optional or not required by the application) 

Below you will find the information needed for each of these fields. 

System/Kernel Extensions 

For the System extensions, it is recommended to whitelist CrowdStrike via Team ID. CrowdStrike's Team ID is

X9E956P446. 

The MDM profile should look identical to the below image: 

Full Disk Access

In order to grant Full Disk Access, you need to configure an MDM profile for Privacy Preferences Policy Control (PPPC).

The Bundle IDs 

com.crowdstrike.falcon.Agent
com.crowdstrike.falcon.App

The Code Requirements 

identifier "com.crowdstrike.falcon.Agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = X9E956P446
identifier "com.crowdstrike.falcon.App" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = X9E956P446

Note: The only fields needed are Access to All Protected and System Administration Files as seen below: 

Addigy___Catalog_MDM_Profiles.png

Web Content Filter

The Web Content Filter should be configured per the below, however, please note that the user will still get a pop-up that they will have to accept, per the software vendor: 


Service Management (Ventura)

In accordance with CrowdStrike's documentation, Service Management is currently intended for Ventura only. The values and functionality may vary with higher OS versions such as macOS Sonoma (14.0).

Create a Service Management MDM Profile within Addigy with the following configurations:

Rule Type:

Label

Rule Value:

com.crowdstrike.falcon.UserAgent

Team Identifier:

X9E956P446

Once you have these items set up, click Add Rule. You can then verify the rule below, add a Payload Name, and click "Create Profile".

 Once created, assign this profile to policies that you are planning on deploying CrowdStrike to, along with the Crowdstrike Custom Software item. You're all set!

Was this article helpful?
1 out of 6 found this helpful
Return to top

Didn’t find what you’re looking for?

Contact our Support Team