Jamf Nation Community

As a note, working with Crowdstrike we discovered if you use the firmware scanning of the Falcon sensor, you will be unable to make it fully silent.

Has anyone had success with this? We could not provide full disk access with the profile configuration file on devices with neither Intel nor M1 chipsets.

Sure. Otherwise it would have been very, very, painful to deploy. The PPPC should look something like this:

<key>SystemPolicyAllFiles</key>
		<array>
			<dict>
				<key>Allowed</key>
				<integer>1</integer>
				<key>CodeRequirement</key>
				<string>identifier "com.crowdstrike.falcon.Agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = X9E956P446</string>
				<key>Comment</key>
				<string></string>
				<key>Identifier</key>
				<string>com.crowdstrike.falcon.Agent</string>
				<key>IdentifierType</key>
				<string>bundleID</string>
				<key>StaticCode</key>
				<integer>0</integer>
			</dict>
		</array>

You need to distribute the config profile first, otherwise your users will get those dialogs.
Just enter the value in the PPPC like this:

You'll probably want to allow the system extension as well:

Hi,

Although I created a configuration file in this way, I could not get a positive result.