Posted on 08-13-2018 06:15 PM
After reading numerous threads and @frantic's script to create the plist I tried to create a configuration profile to allow Crowdstrike's kexts, but I am still unable to see CS register correctly.
I use "sysctl cs" to verify if Crowdstrike is installed.
Has anyone gotten the Approved Kernel Extension payload to work with Crowdstrike?
Posted on 08-13-2018 09:47 PM
Just curious, is there a reason why you decided to whitelist both Team ID and Bundle ID?
Posted on 08-14-2018 01:47 AM
If I run "sqlite3 /var/db/SystemPolicyConfiguration/KextPolicy" and "SELECT * FROM kext_policy;"
Might be worth adding these in and see if it works better....
X9E956P446|com.crowdstrike.sensor|1|CrowdStrike Inc.|8
X9E956P446|com.crowdstrike.sensor.CSAA|1|CrowdStrike Inc.|8
X9E956P446|com.crowdstrike.sensor.FileInfo|1|CrowdStrike Inc.|8
X9E956P446|com.crowdstrike.sensor.IOServices|1|CrowdStrike Inc.|8
X9E956P446|com.crowdstrike.sensor.Kauth|1|CrowdStrike Inc.|8
X9E956P446|com.crowdstrike.libreactos|1|CrowdStrike Inc.|8
X9E956P446|com.crowdstrike.sensor.Network|1|CrowdStrike Inc.|8
X9E956P446|com.crowdstrike.NMR|1|CrowdStrike Inc.|8
X9E956P446|com.crowdstrike.platform|1|CrowdStrike Inc.|8
X9E956P446|com.crowdstrike.TDB|1|CrowdStrike Inc.|8
Posted on 08-14-2018 08:24 AM
@huyinmobi
I would remove the "Approved Kernel Extensions" entries, save and try again.
Basically, what @donmontalvo said. I use this profile and it works, but I don't populate the field as mentioned above.
Posted on 08-15-2018 05:44 AM
Yes, looks like if you specify the specific extensions (but not all of them, as @tjhall noted) then any that AREN'T explicitly on the list will NOT be allowed. It does make it confusing because your KEXT policy in Preferences > Policies applet won't show anything for the vendor unless you DO list the specific extensions, from what I've seen.
Posted on 08-15-2018 08:30 AM
I've had no cause as of yet not to just use TEAM ID. I guess I could see circumstances where one would want some, but not all.
TEAM ID has been pretty good so far. I just deploy those on enrollment and login and all the software installs without drama on the user's end.
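The two approaches compared in this thread, as an added example that is not code from any poster or from Jamf or CrowdStrike: it builds a Team ID-only kernel extension policy payload and, for a per-bundle list, reports which bundle IDs seen in `kext_policy` are left out (the case the thread reports as not being allowed). The function names, `PayloadIdentifier` and `PayloadUUID` are placeholders, and the rows are a subset of those posted above.

```python
import plistlib

# Subset of the kext_policy rows posted in the thread (sqlite3 pipe-separated output).
KEXT_POLICY_ROWS = """\
X9E956P446|com.crowdstrike.sensor|1|CrowdStrike Inc.|8
X9E956P446|com.crowdstrike.sensor.Kauth|1|CrowdStrike Inc.|8
X9E956P446|com.crowdstrike.platform|1|CrowdStrike Inc.|8
X9E956P446|com.crowdstrike.TDB|1|CrowdStrike Inc.|8
"""

def parse_rows(text):
    """Return {team_id: {bundle_id, ...}}; the first two columns are team ID and bundle ID."""
    observed = {}
    for line in text.splitlines():
        fields = line.strip().split("|")
        if len(fields) < 2 or not fields[0]:
            continue  # skip blank or malformed lines
        observed.setdefault(fields[0], set()).add(fields[1])
    return observed

def build_payload(team_ids, bundles_by_team=None):
    """Payload dict: Team IDs only, or with an explicit per-bundle list as well."""
    payload = {
        "PayloadType": "com.apple.syspolicy.kernel-extension-policy",
        "PayloadVersion": 1,
        "PayloadIdentifier": "com.example.kext-policy",         # placeholder
        "PayloadUUID": "00000000-0000-0000-0000-000000000000",  # placeholder
        "AllowUserOverrides": True,
        "AllowedTeamIdentifiers": sorted(team_ids),
    }
    if bundles_by_team:  # corresponds to populating "Approved Kernel Extensions"
        payload["AllowedKernelExtensions"] = {
            team: sorted(ids) for team, ids in bundles_by_team.items()}
    return payload

def unlisted_bundles(payload, observed):
    """Bundle IDs seen on the Mac that a per-bundle list omits, keyed by team ID."""
    listed = payload.get("AllowedKernelExtensions", {})
    gaps = {}
    for team, bundles in observed.items():
        missing = sorted(bundles - set(listed.get(team, bundles)))
        if missing:
            gaps[team] = missing
    return gaps

if __name__ == "__main__":
    seen = parse_rows(KEXT_POLICY_ROWS)
    print(plistlib.dumps(build_payload(seen)).decode())  # Team ID-only payload
    partial = build_payload(seen, {"X9E956P446": {"com.crowdstrike.sensor"}})
    print("not listed:", unlisted_bundles(partial, seen))
```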