Posted on 05-27-2022 04:27 PM
I successfully deployed the CrowdStrike with this instruction; however, the user has to manually allow the Full Disk Access in the Security & Privacy.
Does anybody know how to do it or can lead me to the instruction? I have read several articles and got confused.
Posted on 05-29-2022 11:08 PM
This article seems to cover the topic pretty well.
Posted on 05-31-2022 10:20 AM
As a note, working with Crowdstrike we discovered if you use the firmware scanning of the Falcon sensor, you will be unable to make it fully silent.
Posted on 06-27-2022 11:54 AM
Has anyone had success with this? We could not provide full disk access with the profile configuration file on devices with neither Intel nor M1 chipsets.
Posted on 06-27-2022 11:20 PM
Sure. Otherwise it would have been very, very, painful to deploy. The PPPC should look something like this:
<key>SystemPolicyAllFiles</key> <array> <dict> <key>Allowed</key> <integer>1</integer> <key>CodeRequirement</key> <string>identifier "com.crowdstrike.falcon.Agent" and anchor apple generic and certificate 1[field.1.2.840.1136220.127.116.11.6] /* exists */ and certificate leaf[field.1.2.840.113618.104.22.168.13] /* exists */ and certificate leaf[subject.OU] = X9E956P446</string> <key>Comment</key> <string></string> <key>Identifier</key> <string>com.crowdstrike.falcon.Agent</string> <key>IdentifierType</key> <string>bundleID</string> <key>StaticCode</key> <integer>0</integer> </dict> </array>
Posted on 06-27-2022 11:33 PM
Could you make a healthy distribution in this way? Could you make a healthy distribution in this way? Is there a medium where you can share this PPPC file? There is one more thing that I am wondering about. Should I send the Profile file to the client before installing the Falcon agent? Or later?
Posted on 06-28-2022 12:01 AM
You need to distribute the config profile first, otherwise your users will get those dialogs.
Just enter the value in the PPPC like this:
You'll probably want to allow the system extension as well:
Posted on 06-28-2022 05:26 AM
Although I created a configuration file in this way, I could not get a positive result.