Question

CrowdStrike Falcon Install via Jamf Pro

  • July 1, 2019
  • 16 replies
  • 778 views


Hi, has anyone been able to deploy CrowdStrike Falcon via Jamf?

We need to deploy this to 180+ machines and don't want to manually install every device.

16 replies

  • Contributor
  • July 1, 2019

Yes, it is very easy to deploy.


  • Employee
  • July 1, 2019

Some info here: https://www.jamf.com/jamf-nation/third-party-products/636/crowdstrike-falcon?view=info


  • Contributor
  • July 1, 2019

We use it in the company I work for. I have an ongoing policy scoped to computers that don't have CrowdStrike installed. I deploy a pkg and insert the license with a very short script after install:

#!/bin/sh
# $4 is Jamf script parameter 4, set to the license in the policy
/Library/CS/falconctl license "$4"
exit 0

where $4 = your license

We also added an approved kernel extension (more info here and here)


dennisnardi
  • Jamf Heroes
  • July 2, 2019

There's a thread about CrowdStrike at https://www.jamf.com/jamf-nation/discussions/26080/crowdstrike-falcon-does-it-blend that has some good info.


  • Honored Contributor
  • July 2, 2019

Yes, it is like a million times easier to install on macOS than it is on Windows. I deploy mine at bootstrap/enrollment and then have health checks that will report on failed instances. Phase 2 is auto remediation of those tools, but I haven't tackled that yet.


  • Author
  • Contributor
  • August 5, 2020

I am bumping this up since we are now trying to upgrade our base sensors.

I am getting an error; any ideas?

Executing Policy CrowdStrike Sensor Test
Downloading FalconSensorMacOS-3.pkg...
Verifying package integrity...
Installing FalconSensorMacOS-3.pkg...
Installation failed. The installer reported: installer: Package name is CrowdStrike Falcon Sensor
installer: Upgrading at base path /
installer: The upgrade failed. (The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance. An error occurred while running scripts from the package “FalconSensorMacOS-3.pkg”.)
Running script CrowdStrike Installer Script...
Script exit code: 1
Script result: Error: This machine is already licensed
Error running script: return code was 1.


Jason33
  • Honored Contributor
  • August 6, 2020

@j_allenbrand That machine is already licensed, according to the result. You can reach out to the user to ask them to verify whether Falcon is running by doing ps aux | grep falcon, or there are a couple of EAs you can run to get the connected state and version of the sensor installed.
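
An added example (not from any poster in this thread, and not CrowdStrike's or Jamf's code): a post-install license step that reports the "already licensed" message from the log above as its own state instead of failing the policy or hiding every error behind `exit 0`. It uses only the `license` subcommand and the falconctl paths quoted in this thread; the function names and the `FALCONCTL` override variable are hypothetical.

```shell
#!/bin/sh
# Added example. FALCONCTL defaults to a path quoted in this thread;
# the override exists so the function can be exercised against a stub.
FALCONCTL="${FALCONCTL:-/Applications/Falcon.app/Contents/Resources/falconctl}"

# classify_license_output RC OUTPUT -> licensed | already-licensed | failed
classify_license_output() {
    case "$2" in
        *"already licensed"*) echo "already-licensed" ;;
        *) if [ "$1" -eq 0 ]; then echo "licensed"; else echo "failed"; fi ;;
    esac
}

# license_sensor CID
# Returns 0 when the sensor is newly licensed or was already licensed,
# 1 when the CID is empty, falconctl is missing, or any other error occurs.
license_sensor() {
    cid="$1"
    if [ -z "$cid" ]; then
        echo "No license supplied (Jamf parameter 4 is empty)" >&2
        return 1
    fi
    if [ ! -x "$FALCONCTL" ]; then
        echo "falconctl not found at $FALCONCTL" >&2
        return 1
    fi
    # Capture output and exit code without tripping 'set -e'.
    out=$("$FALCONCTL" license "$cid" 2>&1) && rc=0 || rc=$?
    state=$(classify_license_output "$rc" "$out")
    # Log the state only; the license value stays out of the policy log.
    echo "falconctl license: $state (rc=$rc)"
    case "$state" in
        licensed) return 0 ;;
        already-licensed)
            # Not a failure, but not proof of a healthy sensor either.
            echo "Existing license kept; verify the host is in the console" >&2
            return 0 ;;
        *) echo "$out" >&2; return 1 ;;
    esac
}

# In a Jamf policy script the license arrives as parameter 4:
#   license_sensor "$4"
```

The "already-licensed" state is logged separately so that machines in that state can be followed up with the running/connected checks mentioned above.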


  • Contributor
  • February 12, 2021

Even I am getting the same issue as @j_allenbrand. Not sure what is failing. We see that on some machines the same package is working fine and on some it is not. In the extension I see the service is stopped.

Installing FalconSensorMacOS (2).pkg...
Installation failed. The installer reported: installer: Package name is CrowdStrike Falcon Sensor
installer: Upgrading at base path /
installer: The upgrade failed. (The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance. An error occurred while running scripts from the package “FalconSensorMacOS (2).pkg”.)
Running script CrowdStrike Reload...
Script exit code: 0
Script result: Error: A maintenance token is required to unload. Specify one with -t.
Error: This machine is already licensed
Falcon sensor is loaded


danny_gutman
  • Contributor
  • February 17, 2021

How are you guys suppressing Falcon Notifications prompt? I see no one talked about this on any other threads.

You guys are getting a prompt to approve or deny Notifications for Falcon?


  • Honored Contributor
  • April 14, 2021

I am seeing "Script result: Error: This machine is already licensed" and the AE shows that it's not installed. Are you guys still seeing the same thing?

C


  • Valued Contributor
  • May 12, 2021

Anyone have a solution to this issue? For me, I had a group of test machines install CS and they did not show up in the CS portal... So there is not a token I can use to uninstall the app locally from the Macs.


  • Valued Contributor
  • May 12, 2021

I was able to solve my issue by going into safe mode with no network, running the uninstall script, booting the machine back out of safe mode and running the install script.

This made the machine that was not originally in the portal appear.


  • New Contributor
  • July 15, 2021

> How are you guys suppressing Falcon Notifications prompt? I see no one talked about this on any other threads.
>
> You guys are getting a prompt to approve or deny Notifications for Falcon?


CrowdStrike calls it notifications from a second app hidden in the app bundle.

/Applications/Falcon.app/Contents/Library/LaunchServices/Falcon\ Notifications.app

Use the Bundle ID of "com.crowdstrike.falcon.UserAgent" in a Notifications Configuration Profile.


  • Contributor
  • May 20, 2022

> I was able to solve my issue by going into safe mode with no network, running the uninstall script, booting the machine back out of safe mode and running the install script.
>
> This made the machine that was not originally in the portal appear.


This is the critical point here, I think. Machines get the "already licensed" issue that don't show in the portal. Even with EAs we can check for install and loaded, but they still might not be in the portal. I think this is more of a Falcon issue than anything with Jamf. But it would be nice to have a reinstall script that can resolve this. I would assume running

sudo /Applications/Falcon.app/Contents/Resources/falconctl uninstall

with the maintenance token and then reinstall.





  • New Contributor
  • November 8, 2023

> Even I am getting the same issue as @j_allenbrand. Not sure what is failing. We see that on some machines the same package is working fine and on some it is not. In the extension I see the service is stopped.
>
> Installing FalconSensorMacOS (2).pkg...
> Installation failed. The installer reported: installer: Package name is CrowdStrike Falcon Sensor
> installer: Upgrading at base path /
> installer: The upgrade failed. (The Installer encountered an error that caused the installation to fail. Contact the software manufacturer for assistance. An error occurred while running scripts from the package “FalconSensorMacOS (2).pkg”.)
> Running script CrowdStrike Reload...
> Script exit code: 0
> Script result: Error: A maintenance token is required to unload. Specify one with -t.
> Error: This machine is already licensed
> Falcon sensor is loaded


Same issue for me. Any solution for this, please?


  • New Contributor
  • December 20, 2024

> How are you guys suppressing Falcon Notifications prompt? I see no one talked about this on any other threads.
>
> You guys are getting a prompt to approve or deny Notifications for Falcon?


And this isn't really the thread for it either... we are trying to figure out installation issues here, not notifications.