If you are running the script via Jamf, sudo is not needed as scripts are run as root. I would also suggest maybe talking with your CS Admin to see if they are willing to disable the InstallGuard on the specific machines you are looking to remove CS from. Then you can have a simple script of the below and be done with it.

/Library/CS/falconctl unisntall

i have the same issue did you figure out how to run the script? Also, how to run the script for bunch of machines? i am aware each machine have unique token.

Look at this thread

link

Posted: 7/23/2018 at 6:12 PM CDT by nkalister

Going to bump this post and see if anyone has figured out how to do this with a maintance token installed or if you get the response from Jamf upon install

Script result: Error: This machine is already licensed

We see the computer in the Falcon console but Jamf keeps saying the above message. Hoping a quick uninstall might be possible via a script but haven't figured out how to deploy it properly yet.

What we have found is that you will need to do a manual uninstall with the maintenance token. Once the product is removed then we have Jamf check if CS is missing and re-install it.

I am working on a new script to try to accomplish the whole process from Jamf itself.

Anyone make any progress on this?  I have some of the ground work in a script but am trying to leverage the Crowdstrike API to get the maintenance token for uninstall since it is unique to each machine.  I have limited experience with accessing APIs using Curl and how to authenticate when there is a authentication token that is also required.

CrowdStrike's KB article suggests using a small Python script to provide the maintenance token to the falconctl CLI command. Unfortunately, Python is not a good option anymore. I am researching to find a solution. If I find one, I will link or repost it here. 

Did you come up with a solution @Dorr7 ?

Why is python not a good option?