HOWTO: Install CrowdStrike AV or Falcon Sensor

 

There are two versions of CrowdStrike:

CrowdStrike AV is an endpoint security solution that provides both AntiVirus and AntiMalware detection/prevention with an agent on computing devices.

CrowdStrike Falcon Sensor does not provide AntiVirus protection, but does include AntiMalware detection.

 

Requirements

  • PEAS enrollment (enroll.partners.org)
  • macOS 10.13 and up

 


 

Installation Instructions - CrowdStrike AV

  • Open Self Service

  • Click Install on CrowdStrike AV

If you have TrendMicro installed, this will automatically remove TrendMicro prior to installing CrowdStrike AV. It will not, however, uninstall other AntiVirus applications. If you have AntiVirus currently running on your Mac (ClamAV, AVG, Symantec, etc.), please uninstall it prior to installing CrowdStrike AV to avoid any incompatibilities.

CrowdStrike AV runs silently in the background, with no annoying pop-up windows!

 

In order to help you know if CrowdStrike is on your computer, and to provide a little information on it, we have added the PEAS Menu.

The PEAS Menu is designed to provide you with quick, relevant information regarding CrowdStrike: Sensor installation status, version, and whether CrowdStrike AV is installed or not. The PEAS Menu will be updated from time to time as relevant information becomes available.

 


 

CrowdStrike Falcon Sensor Installation Instructions

NOTE: IF YOU HAVE CROWDSTRIKE AV INSTALLED, THERE IS NO NEED TO ALSO INSTALL THE CROWDSTRIKE FALCON SENSOR

If you have a ForeScout recommended AntiVirus solution and just wish to have the Malware detection of CrowdStrike, then follow these steps:

  • Open Self Service 

  • Click "Install" on the CrowdStrike Falcon Sensor

  • If your device is a Corporate Purchased Mac, you may already have a Profile that approves CrowdStrike on your computer.

  • If not, you may receive a pop-up to approve a System Extension; to do this, click "Open Security Preferences"

  • The window will open to System Preferences > Security & Privacy. Click "Allow" to finish configuration.

To verify your installation/uninstallation

  • Open Terminal and type sysctl cs.version 
  • If the output is "cs.version: 3.10.6103.0" (for example), then CrowdStrike is installed. 
  • If the output is "sysctl: unknown oid 'cs.version'" then it is not installed.  

    If you're trying to install CrowdStrike and are still getting "unknown oid 'cs.version'", please open a ticket with the PEAS team.
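
The verification step above, scripted as an added example (not part of the original instructions or of any PEAS or CrowdStrike tooling): it classifies the two `sysctl cs.version` outputs quoted above and treats anything else as unexpected. The function names and status strings are this example's own.

```shell
#!/bin/sh
# Added example: interpret the output of `sysctl cs.version`.
# Function names and status strings are hypothetical, chosen for this example.

# cs_classify OUTPUT
# Prints "installed <version>", "not-installed" or "unexpected".
cs_classify() {
    out=$1
    case $out in
        "cs.version: "*)
            ver=${out#cs.version: }
            # Accept only dotted numeric versions such as 3.10.6103.0
            case $ver in
                ""|*[!0-9.]*) echo "unexpected" ;;
                *)            echo "installed $ver" ;;
            esac
            ;;
        *"unknown oid 'cs.version'"*) echo "not-installed" ;;
        *)                            echo "unexpected" ;;
    esac
}

# cs_verify EXPECTED OUTPUT
# EXPECTED is "installed" after an install, "not-installed" after an uninstall.
# Returns 0 when the observed state matches, 1 otherwise.
cs_verify() {
    expected=$1
    state=$(cs_classify "$2")
    case $state in
        "$expected"|"$expected "*) return 0 ;;
        *) echo "expected $expected, got: $state" >&2
           return 1 ;;
    esac
}

# cs_check_local EXPECTED
# Runs the check on the Mac itself. 2>&1 captures the "unknown oid" text
# whichever stream sysctl writes it to.
cs_check_local() {
    cs_verify "$1" "$(sysctl cs.version 2>&1)"
}
```

After an install, `cs_check_local installed` exits 0 on success; after an uninstall, use `cs_check_local not-installed`.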

Uninstallation Instructions

  1. Open Self Service 
  2. On the right-hand side, click the Uninstall section 
  3. Click the "Uninstall" button in the "Uninstall CrowdStrike Falcon Sensor"