Crowdstrike Full Disk Access for M1 MacBook

New Contributor

Hello All

I successfully deployed the CrowdStrike with this instruction; however, the user has to manually allow the Full Disk Access in the Security & Privacy.

Does anybody know how to do it or can lead me to the instruction?  I have read several articles and got confused.




New Contributor III

This article seems to cover the topic pretty well.



New Contributor

As a note, working with Crowdstrike we discovered if you use the firmware scanning of the Falcon sensor, you will be unable to make it fully silent.

New Contributor

Has anyone had success with this? We could not provide full disk access with the profile configuration file on devices with neither Intel nor M1 chipsets.

New Contributor III

Sure. Otherwise it would have been very, very, painful to deploy. The PPPC should look something like this:

				<string>identifier "com.crowdstrike.falcon.Agent" and anchor apple generic and certificate 1[field.1.2.840.113635.] /* exists */ and certificate leaf[field.1.2.840.113635.] /* exists */ and certificate leaf[subject.OU] = X9E956P446</string>


Thanks  Macweazle

Could you make a healthy distribution in this way? Could you make a healthy distribution in this way? Is there a medium where you can share this PPPC file? There is one more thing that I am wondering about. Should I send the Profile file to the client before installing the Falcon agent? Or later?

New Contributor III

You need to distribute the config profile first, otherwise your users will get those dialogs.
Just enter the value in the PPPC like this:
Screenshot 2022-06-28 at 08.54.37.png


You'll probably want to allow the system extension as well:
Screenshot 2022-06-28 at 08.59.30.png

New Contributor



Although I created a configuration file in this way, I could not get a positive result.