Install/Uninstall CrowdStrike Falcon
Updated over a week ago

CrowdStrike Falcon is a cloud-native endpoint protection platform developed by CrowdStrike, a leading cybersecurity company. Falcon uses artificial intelligence, machine learning, and behavioral analytics to protect endpoints such as laptops, desktops, servers, and virtual machines from a wide range of cyber threats, including malware, ransomware, and advanced persistent threats (APTs).

To install CrowdStrike, there are 2 required steps:

  1. Install pkg: You can choose to deploy the package to devices in 2 ways:

    1. Download the pkg on the CrowdStrike download page and upload it to your team's software page on Swifteam.

    2. Or you can use our prebuilt CrowdStrike Falcon package on the Software page and Click "Add" to add to your team software.

  2. Install profiles (macOS): You can download the CrowdStrike-provided MDM profile at the support page. After the profile is downloaded, you can deploy the profile using Swif's custom policy function at Policy Management. Here is a sample CrowdStrike MDM profile for the M1 Macbook for your reference: Falcon Profile - no Kext.mobileconfig. For custom profiles, please only copy the value of Payload Content to the profile content. Usually, it looks like <array></array>.

  3. Run a scheduled command falconctl to configure the Falcon license.

    1. Run a schedule command. To make the command work on all devices, you can make the scheduled command run as Swif admin (Step 2). Swif admin password is available via Device Details > Account tab > Swif admin > Change password > Click to View.

    2. echo "password here" | sudo -S /Applications/ license XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-YY
    3. You can then verify on a device to see if it has been configured successfully.

      echo "password here" | sudo -S /Applications/ stats

      === CloudInfo === Cloud Info Host: Port: 443 State: connected ...

To uninstall CrowdStrike, there are 1 required step for Windows:

  1. Uninstall Falcon (Windows): When you remove Falcon from devices or groups on Swif, Windows uninstaller for Falcon will require you to manually enter a maintenance token on the devices that are uninstalling Falcon.

Did this answer your question?