Hi
It looks like we need to deploy/upgrade our base sensor for Crowdstrike Falcon. It seems the previous script does not work and the sensor requires more permissions on Big Sur.
Any help/insight would be greatly appreciated.
Page 2 / 2
@danny.gutman You can configure a Notifications payload using the bundle identifier
com.crowdstrike.falcon.UserAgent@afarnsworth like this?
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>NotificationSettings</key>
<array>
<dict>
<key>BundleIdentifier</key>
<string>com.crowdstrike.falcon.UserAgent</string>
<key>NotificationsEnabled</key>
<false/>
<key>AlertType</key>
<integer>1</integer>
<key>ShowInLockScreen</key>
<false/>
<key>ShowInNotificationCenter</key>
<false/>
<key>BadgesEnabled</key>
<false/>
<key>SoundsEnabled</key>
<false/>
</dict>
</array>
</dict>
</plist>Doesn't seem to stop the user from getting macOS Notification about the app.
@afarnsworth Hi, I was wondering how you found the correct bundle ID to use for the notifications payload. I tried doing the osascript -e "id of app "appName"' method but got a different one, and couldn't find the correct one until I saw your post here.
@donmontalvo You can use the notifications payload in Configuration Profiles in jamf to do this for you.
Any updates on this?
Here is my setup in JAMF. It works at surpassing the initial notification from the Falcon sensor installer. As @afarnsworth said you need to use "com.crowdstrike.falcon.UserAgent" as the bundle ID for the notifications payload.
Not really sure if Falcon ever sends out messages via notifications and if you want to disable or enable them.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.