Learn how to deploy the CrowdStrike Falcon agent to your macOS devices as a custom app
- Prerequisites
- Considerations
- Add and Configure the Custom Settings Profile
- Add and Configure the Service Management Profile
- Add and Configure the Custom App
Prerequisites
Intel-based Mac computers only require the KEXT version of the Crowdstrike settings profile when using Crowdstrike's Firmware Analysis feature. If you are not using Firmware Analysis, we recommend using the non-KEXT versions of the custom settings below.
- CrowdStrike installer from the vendor (Hosts > Sensor Downloads)
- Crowdstrike Custom Settings
- Apple silicon
- macOS 15 (Sequoia) (GitHub Link)
- macOS 11 (Big Sur) - macOS 14 (Sonoma) (GitHub Link)
- Intel with KEXT
- macOS 15 (Sequoia) (GitHub Link)
- macOS 11 (Big Sur) - macOS 14 (Sonoma) (GitHub Link)
- Apple silicon
- CrowdStrike Service Management Profile
- macOS 13 (Ventura) - macOS 15 (Sequoia) (GitHub Link)
- CrowdStrike Audit Script (GitHub Link)
- CrowdStrike Postinstall script (GitHub Link)
Considerations
The CrowdStrike Settings Profile is designed to facilitate CrowdStrike approval across all network content filters, kernel extensions, system extensions, PPPC, and web-filtering requirements. This profile is compatible with both the older Falcon agent using kernel extensions and the latest version utilizing system extensions.
The CrowdStrike Service Management Profile handles essential login and background processes.
If you require it, the Legacy System Extension (KEXT) Settings Profile can be accessed via this GitHub link.
This profile supports both the Falcon agent with kernel extensions and the newer version with system extensions.
The KEXT payload is necessary only when using the CrowdStrike Firmware Analysis feature on Intel-based Mac computers.
Please note that depending on the specific CrowdStrike product and version you have installed, there may be variations in app paths, privacy access settings, and kernel or system extension requirements. As with any custom application, we strongly recommend thorough testing before deploying it to a production Mac.
Add and Configure the Custom Settings Profile
- Navigate to Library in the left-hand navigation bar.
- Click Add New on the top-right, and choose Custom Profile.
- Click Add & Configure.
- Give your Custom Profile a Name.
- For Install on, select Mac.
- Assign to your desired Assignment Maps or Classic Blueprints.
- Upload the CrowdStrike Settings Profile (or Legacy System Extension (KEXT) settings profile).
- Click Save.
Add and Configure the Service Management Profile
The service management profile for Crowdstrike Falcon is compatible with macOS 13 Ventura and later. For macOS Monterey 12 and earlier, an Assignment Map must be used for advanced scoping to prevent the service management profile from being assigned to those devices. To learn more about using rules in Assignment Maps, see our Advanced Assignment Maps Configuration support article.
- Navigate to Library in the left-hand navigation bar.
- Click Add New on the top-right, and choose Custom Profile.
- Click Add & Configure.
- Give your Custom Profile a Name.
- For Install on, select Mac.
- Assign to your desired Assignment Maps or Classic Blueprints. If using Assignment Maps, configure the Assignment Rules in your conditional block to ensure the profile is only installed on Mac computers running macOS Ventura and later.
- Upload the profile that you downloaded previously from GitHub.
- Click Save.
Add and Configure the Custom App
- In the left-hand menu, click on Library.
- Near the top-right, click Add New.
- Select Custom App.
- Click Add & Configure.
- Give the Custom App a Name. Optionally, add a custom icon.
- Assign to your desired Assignment Maps or Classic Blueprints.
- Change the Installation to Audit and Enforce.
- Copy and paste the crowdstrike_ae_script.zsh script from the prerequisites into the Audit & Enforce text box. No modification is required.
- Select Installer Package (install .pkg or .mpkg) as the deployment type
- Upload the installer package.
- Paste the Postinstall Script referenced in the Prerequisites.
- In the Post-Install script, update the customerIDChecksum variable on line 55 with your Customer ID
- Optionally, paste your install token on line 59 inside the installToken variable; otherwise, leave it blank.
- Click Save.