This document illustrates the correct security options the user must choose to provide protection on an endpoint that is not enrolled in JAMF.
If a workstation is managed by JAMF, the three options for enabling Network Filtering, the CrowdStrike Security Extension, and Full Disk Access, are set automatically in the MDM profile.
The upgrade to the latest sensor occurs silently in the background with no restart or reboot required. The end user must enable the following three prompts.
The end user must allow the Falcon sensor to filter network content. Please select Allow from the prompt below:
Apple implemented system extensions instead of kernel extensions in Big Sur. The end user will see the following prompt and must open Security Preferences.
Under the General tab in Security & Privacy settings, select Allow for Falcon application.
Full disk access is required for Catalina and later operating systems. The end user must grant full disk access on the host. Administrator account permission is required. Please follow the instructions below to enable full disk access:
- Select the Apple icon and Open System Perferences, then click Security & Privacy.
- On the Privacy tab, if privacy settings are locked, select the lock icon and specify the password.
- In the left pane, select Full Disk Access.
- In the right pane, select the plus icon and the check box next to Agent.
The Falcon Notifications notifications prompt is displayed at the end of the installation. Security Operations recommends the end user to select Allow.
If an end user chooses an incorrect prompt, CrowdStrike will not operate properly. The end user can reload the system extensions by running the following command in the Terminal application:
sudo /Applications/Falcon.app/Contents/Resources/falconctl load