{"id":75155,"date":"2023-05-18T16:54:21","date_gmt":"2023-05-18T20:54:21","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&#038;p=75155"},"modified":"2024-09-13T11:44:13","modified_gmt":"2024-09-13T15:44:13","slug":"install-the-crowdstrike-falcon-agent","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/install-the-crowdstrike-falcon-agent","title":{"rendered":"Install the CrowdStrike Falcon Agent"},"content":{"rendered":"\n<p>You can download and install the CrowdStrike Falcon Agent on Windows and macOS devices from the JumpCloud Admin Portal. CrowdStrike provides cloud security and threat detection software.&nbsp;<\/p>\n\n\n\n<p>For macOS devices, you\u2019ll also need to apply a policy in JumpCloud that creates a Mobile Device Management (MDM) profile and sets the necessary permissions required by the CrowdStrike Falcon Agent. If you&#8217;re running macOS on an Intel processor that uses a kernel extension with the CrowdStrike firmware analysis tool, you\u2019ll need to apply a second policy.<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card tip\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Tip:<\/strong> \n<p>For macOS devices, you should create and apply the CrowdStrike policy&nbsp;<em>before<\/em>&nbsp;you deploy the CrowdStrike app.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Creating a MacOS CrowdStrike Policy<\/h2>\n\n\n\n<p>Every Apple silicon and macOS device requires the CrowdStrike Falcon MDM Settings (No kernel extension) Policy described below.&nbsp; If you have a macOS device on Intel that includes a kernel extension policy to run CrowdStrike\u2019s firmware analysis tool, you\u2019ll also need to apply the CrowdStrike Falcon Firmware Analysis Settings Policy (Intel only).<\/p>\n\n\n\n<ul>\n<li><strong>CrowdStrike Falcon MDM Settings (No kernel extension) Policy<\/strong>&nbsp;&#8211; Use this general policy to configure Apple silicon devices and macOS devices with Intel processors. This policy installs the necessary permissions on Apple silicon devices and macOS devices with Intel processors, including Full Disk Access, Notifications, System Extensions, and Web Content Filter permissions. It also creates an MDM licensing profile.<\/li>\n\n\n\n<li><strong>CrowdStrike Falcon Firmware Analysis Settings Policy (Intel only)<\/strong>&nbsp;&#8211; Use this policy for macOS devices with Intel processors that include a kernel extension to run CrowdStrike\u2019s firmware analysis tool. This policy installs the necessary permissions for the Falcon Firmware Analysis tool. You\u2019ll apply both this policy and the CrowdStrike Falcon MDM Settings policy to all macOS devices with Intel processors that run the firmware analysis tool.<\/li>\n<\/ul>\n\n\n\n<p>Have your CrowdStrike Customer ID (CCID) checksum handy because both CrowdStrike policies will use it to create the MDM profile.<\/p>\n\n\n\n<p><strong>To create a macOS CrowdStrike Policy<\/strong>:<\/p>\n\n\n\n<ol>\n<li>Log in to the <a href=\"https:\/\/console.jumpcloud.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n<li>Go to<strong>&nbsp;DEVICE MANAGEMENT &gt; Policy Management<\/strong>.<\/li>\n\n\n\n<li>Select the&nbsp;<strong>All<\/strong>&nbsp;tab, then click (<strong>+<\/strong>) and&nbsp;select the&nbsp;<strong>Mac<\/strong>&nbsp;tab.<\/li>\n\n\n\n<li>To create a policy for a silicon macOS device or a macOS device that uses an Intel processor, locate the <strong>CrowdStrike Falcon MDM Settings (No kernel extension)&nbsp;<\/strong>policy, then click&nbsp;<strong>configure.<\/strong>\n<ol start=\"1\" style=\"list-style-type:lower-alpha\" class=\"is-lower-alpha\">\n<li>(Optional) Under&nbsp;<strong>Policy Name<\/strong>, enter a new, unique name for the policy or keep the default.&nbsp;<\/li>\n\n\n\n<li>Under&nbsp;<strong>CCID<\/strong>, enter your CCID.&nbsp;Locate your CCID on the Falcon Sensor download page. Including the CCID in this policy automatically licenses Falcon on your macOS devices so you don\u2019t need to run an activation command.<br><img decoding=\"async\" width=\"1699\" height=\"973\" class=\"wp-image-86948\" style=\"width: 800px\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/crowdstrike-policy-ccid.png\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/02\/crowdstrike-policy-ccid.png 1699w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/02\/crowdstrike-policy-ccid-300x172.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/02\/crowdstrike-policy-ccid-1024x586.png 1024w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/02\/crowdstrike-policy-ccid-768x440.png 768w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/02\/crowdstrike-policy-ccid-1536x880.png 1536w\" sizes=\"(max-width: 1699px) 100vw, 1699px\" \/><\/li>\n\n\n\n<li>(Optional) Select the&nbsp;<strong>Device Groups<\/strong>&nbsp;tab, then select one or more device groups where you&#8217;ll apply this policy.<\/li>\n\n\n\n<li>(Optional) Select the&nbsp;<strong>Devices<\/strong>&nbsp;tab, then select one or more devices where you&#8217;ll apply this policy.<\/li>\n\n\n\n<li>Click&nbsp;<strong>save<\/strong>, then click&nbsp;<strong>save<\/strong>&nbsp;again.<\/li>\n<\/ol>\n<\/li>\n\n\n\n<li>To create a policy for a macOS device that uses an Intel processor to run CrowdStrike\u2019s firmware analysis tool, locate the CrowdStrike Falcon Firmware Analysis Settings Policy (Intel only), then click&nbsp;<strong>configure<\/strong>.\n<ol start=\"1\" style=\"list-style-type:lower-alpha\" class=\"is-lower-alpha\">\n<li>(Optional) On the New Policy panel, enter a new, unique name for the policy or keep the default.<br><img decoding=\"async\" width=\"1699\" height=\"971\" class=\"wp-image-86950\" style=\"width: 800px\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/new-policy-crowdstrike.png\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/02\/new-policy-crowdstrike.png 1699w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/02\/new-policy-crowdstrike-300x171.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/02\/new-policy-crowdstrike-1024x585.png 1024w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/02\/new-policy-crowdstrike-768x439.png 768w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/02\/new-policy-crowdstrike-1536x878.png 1536w\" sizes=\"(max-width: 1699px) 100vw, 1699px\" \/><\/li>\n\n\n\n<li>(Optional) Select the&nbsp;<strong>Device Groups<\/strong>&nbsp;tab, then select one or more device groups where you&#8217;ll apply this policy.<\/li>\n\n\n\n<li>(Optional) Select the&nbsp;<strong>Devices<\/strong>&nbsp;tab, then select one or more devices where you&#8217;ll apply this policy.<\/li>\n\n\n\n<li>Click&nbsp;<strong>save<\/strong>, then click&nbsp;<strong>save<\/strong>&nbsp;again.<\/li>\n<\/ol>\n<\/li>\n\n\n\n<li>Run the command you created in&nbsp;<a href=\"#install-macos\">To install the CrowdStrike Falcon Agent on a macOS device<\/a> below by selecting the checkbox next to the command on the Commands page and clicking&nbsp;<strong>run now<\/strong>.&nbsp;<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card tip\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Tip:<\/strong> \n<p>If the command doesn\u2019t run, verify that you have root permissions.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ol start=\"7\">\n<li>After the command finishes, select the&nbsp;<strong>Results<\/strong>&nbsp;tab on the Commands page. An exit code of 0 indicates that the command ran successfully. If multiple commands are processed at runtime, only the last exit code is reported. For a list of all exit codes, see <a href=\"https:\/\/jumpcloud.com\/support\/understand-command-results\" target=\"_blank\" rel=\"noreferrer noopener\">Understand Command Results<\/a>.&nbsp;<\/li>\n\n\n\n<li>Verify that your CrowdStrike policy was applied on the macOS device (From the Apple menu, <strong>System Settings<\/strong>&nbsp;&gt;&nbsp;<strong>Privacy &amp; Security<\/strong> &gt; <strong>Profiles<\/strong>):<br><img decoding=\"async\" width=\"942\" height=\"685\" class=\"wp-image-86949\" style=\"width: 600px\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/crowdstrike-profile.png\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/02\/crowdstrike-profile.png 942w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/02\/crowdstrike-profile-300x218.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/02\/crowdstrike-profile-768x558.png 768w\" sizes=\"(max-width: 942px) 100vw, 942px\" \/><\/li>\n<\/ol>\n\n\n\n<p>To further verify the policy, run this command:<\/p>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>\/usr\/libexec\/PlistBuddy -c &#8220;print&#8221; \/Library\/Application Support\/com.apple.TCC\/MDMOverrides.plist<\/p>\n<\/div><\/div>\n\n\n\n<p>The CrowdStrike policy does not appear in Apple\u2019s&nbsp;<strong>System Settings &gt; Privacy &amp; Security &gt; Full Disk Access<\/strong>&nbsp;location. That location contains policies that the user approves or has approved, rather than Admin-approved policies like the Application Privacy Preferences Policy.<\/p>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>MacOS 15 Sequoia will disable the option to toggle the Crowdstrike extension under <strong>System Settings &gt; General &gt; Login Items &amp; Extensions &gt; Endpoint Security Extensions<\/strong> for end users.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">Installing the CrowdStrike Falcon Agent<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">MacOS<\/h3>\n\n\n\n<p id=\"install-macos\"><strong>To install the CrowdStrike Falcon Agent on a macOS device<\/strong>:<\/p>\n\n\n\n<ol>\n<li>Log in to your CrowdStrike Portal.<\/li>\n\n\n\n<li>Create a new&nbsp;<strong>CrowdStrike API Client with Sensor Download &#8211; Read Scope<\/strong>&nbsp;by performing these steps:\n<ol start=\"1\" class=\"is-lower-alpha\">\n<li>Click the&nbsp;hamburger menu.<br><img decoding=\"async\" width=\"518\" height=\"46\" class=\"wp-image-86992\" style=\"width: 600px\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/crowdstrike-hamburger.png\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/02\/crowdstrike-hamburger.png 518w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/02\/crowdstrike-hamburger-300x27.png 300w\" sizes=\"(max-width: 518px) 100vw, 518px\" \/><\/li>\n\n\n\n<li>Select&nbsp;<strong>Support and Resources<\/strong>.&nbsp;<\/li>\n\n\n\n<li>Under<strong>&nbsp;Resources and Tools<\/strong>, click&nbsp;<strong>API clients and keys<\/strong>.<\/li>\n\n\n\n<li>Click&nbsp;<strong>Add new API Client<\/strong>.<\/li>\n\n\n\n<li>Enter the&nbsp;<strong>Client Name<\/strong>&nbsp;and&nbsp;<strong>Description<\/strong>.<\/li>\n\n\n\n<li>Navigate to&nbsp;<strong>Sensor Download<\/strong>&nbsp;and select&nbsp;<strong>Read&nbsp;<\/strong>scope.&nbsp;<br><img decoding=\"async\" width=\"548\" height=\"439\" class=\"wp-image-86993\" style=\"width: 600px\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/crowdstrike-sensor-download.png\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/02\/crowdstrike-sensor-download.png 548w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/02\/crowdstrike-sensor-download-300x240.png 300w\" sizes=\"(max-width: 548px) 100vw, 548px\" \/><\/li>\n\n\n\n<li>Click&nbsp;<strong>Add<\/strong>.<\/li>\n<\/ol>\n<\/li>\n\n\n\n<li>Save the&nbsp;<strong>Client ID<\/strong>,&nbsp;<strong>Secret<\/strong>, and&nbsp;<strong>Base URL Information<\/strong>&nbsp;for future use.<\/li>\n\n\n\n<li>Log in to the <a href=\"https:\/\/console.jumpcloud.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n<li>Go to<strong>&nbsp;DEVICE MANAGEMENT &gt; Commands<\/strong>.<\/li>\n\n\n\n<li>Select the&nbsp;<strong>Commands<\/strong>&nbsp;tab, then&nbsp;click (<strong>+<\/strong>) and choose&nbsp;<strong>Command from Template<\/strong>.&nbsp;<\/li>\n\n\n\n<li>Select&nbsp;<strong>MacOS<\/strong>&nbsp;and locate the the Mac&nbsp;&#8211; Install CrowdStrike Falcon Agent template.&nbsp;See&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\/get-started-commands\" target=\"_blank\" rel=\"noreferrer noopener\">Get Started: Commands<\/a>&nbsp;for more information.<\/li>\n\n\n\n<li>Click&nbsp;<strong>configure<\/strong>.<\/li>\n\n\n\n<li>(Optional) You can edit the default name for this command or type a new name.<\/li>\n\n\n\n<li>Click&nbsp;<strong>Run As<\/strong>, then choose&nbsp;<strong>root<\/strong>.<\/li>\n\n\n\n<li>Under&nbsp;<strong>Type<\/strong>, click&nbsp;<strong>Mac<\/strong>.<\/li>\n\n\n\n<li>Edit the script to update the&nbsp;<strong>CSBaseAddress<\/strong>,&nbsp;<strong>CSClientID<\/strong>,&nbsp;<strong>CSClientSecret<\/strong>, and (if applicable) <strong>CSInstallToken<\/strong>&nbsp;with the information collected in Step 3.&nbsp;\n<ul>\n<li>Only set the <strong>CSInstallToken<\/strong> variable if you have <strong>Require Token<\/strong> enabled in your CrowdStrike org under <strong>Host setup and management<\/strong> &gt; <strong>Deploy<\/strong> &gt; <strong>Installation tokens<\/strong>.<br><img decoding=\"async\" width=\"2560\" height=\"1768\" class=\"wp-image-98238\" style=\"width: 1200px\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/09\/crowdstrike-command-variables-mac-scaled.jpg\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/09\/crowdstrike-command-variables-mac-scaled.jpg 2560w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/09\/crowdstrike-command-variables-mac-300x207.jpg 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/09\/crowdstrike-command-variables-mac-1024x707.jpg 1024w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/09\/crowdstrike-command-variables-mac-768x530.jpg 768w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/09\/crowdstrike-command-variables-mac-1536x1061.jpg 1536w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/09\/crowdstrike-command-variables-mac-2048x1414.jpg 2048w\" sizes=\"(max-width: 2560px) 100vw, 2560px\" \/><\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>This script works for many situations; you might need to alter some variables for your organization. For more information, see the CrowdStrike documentation.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ol start=\"13\">\n<li>If you want to schedule when the command runs or trigger the command, click&nbsp;<strong>Event<\/strong>&nbsp;and choose another option. The default is&nbsp;<strong>Run Manually<\/strong>.<\/li>\n\n\n\n<li>Under&nbsp;<strong>Options<\/strong>, increase the timeout if you want. The CrowdStrike default is&nbsp;<strong>600<\/strong>&nbsp;seconds.\n<ul>\n\n<li>The command may throw a 124 error if the command times out. This is more likely to occur on slower networks.&nbsp;<\/li>\n\n<\/ul>\n<\/li>\n\n\n\n<li>Under&nbsp;<strong>TTL Settings<\/strong>, verify that&nbsp;<strong>Use Smart Defaults&nbsp;<\/strong>is selected.<\/li>\n\n\n\n<li>Assign the Falcon agent to your devices:\n<ul>\n\n<li>If you are assigning the Falcon Agent to individual devices, select the&nbsp;<strong>Devices<\/strong>&nbsp;tab and select the checkbox next to each device where you want to install the agent.<\/li>\n\n\n<li>If you are assigning the Falcon Agent to groups of devices, select the&nbsp;<strong>Device Groups<\/strong>&nbsp;tab and select the checkbox next to each device group where you want to install the agent.<\/li>\n\n<\/ul>\n<\/li>\n\n\n\n<li>Click&nbsp;<strong>save<\/strong>, then click&nbsp;<strong>save<\/strong>&nbsp;again.<\/li>\n\n\n\n<li>Run the command by selecting the checkbox next to the command on the Commands page and clicking&nbsp;<strong>run now<\/strong>.&nbsp;If the command doesn\u2019t run, verify that you have root permissions.&nbsp;<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card tip\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Tip:<\/strong> \n<p>If your organization is treating Full Disk Access of tools other than Falcon as an Immediate remediation item for your security posture and ZTA score, CrowdStrike will alert when other software has Full Disk Access. JumpCloud requires Full Disk Access to control PAM module settings on a macOS device.<br><br>This may cause an alert that you could interpret as the CrowdStrike Falcon agent not having access to the Full Disk Access settings. That is not the case. In the event that Full Disk Access is listed as a red item in the ZTA score breakdown, that is because an application that is not Falcon has Full Disk Access.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ol start=\"19\">\n<li>\u200b\u200b\u200b\u200b\u200b\u200bAfter the command finishes, select the&nbsp;<strong>Results<\/strong>&nbsp;tab on the Command page. An exit code of&nbsp;<strong>0<\/strong>&nbsp;indicates that the command ran successfully. If multiple commands are processed at runtime, only the last exit code is reported. For a list of all exit codes, see&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\/understand-command-results\" target=\"_blank\" rel=\"noreferrer noopener\">Understand Command Results<\/a>.<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card tip\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Tip:<\/strong> \n<p>For installation troubleshooting information, see&nbsp;<a href=\"#troubleshooting\">Troubleshooting<\/a> below.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\">Windows<\/h3>\n\n\n\n<p><strong>To install the CrowdStrike Falcon Agent on a Windows device<\/strong>:<\/p>\n\n\n\n<ol>\n<li>Log into your CrowdStrike Portal.<\/li>\n\n\n\n<li>Create a new&nbsp;<strong>CrowdStrike API Client with Sensor Download &#8211; Read Scope<\/strong>&nbsp;by performing the following:\n<ol start=\"1\" class=\"is-lower-alpha\">\n<li>Click the hamburger menu.<br><img decoding=\"async\" width=\"518\" height=\"46\" class=\"wp-image-86992\" style=\"width: 600px\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/crowdstrike-hamburger.png\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/02\/crowdstrike-hamburger.png 518w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/02\/crowdstrike-hamburger-300x27.png 300w\" sizes=\"(max-width: 518px) 100vw, 518px\" \/><\/li>\n\n\n\n<li>Select&nbsp;<strong>Support and Resources<\/strong>.&nbsp;<\/li>\n\n\n\n<li>Under<strong>&nbsp;Resources and Tools<\/strong>, click&nbsp;<strong>API clients and keys<\/strong>.<\/li>\n\n\n\n<li>Click&nbsp;<strong>Add new API Client<\/strong>.<\/li>\n\n\n\n<li>Enter the&nbsp;<strong>Client Name<\/strong>&nbsp;and&nbsp;<strong>Description<\/strong>.<\/li>\n\n\n\n<li>Navigate to&nbsp;<strong>Sensor Download<\/strong>&nbsp;and select&nbsp;<strong>Read&nbsp;<\/strong>scope.&nbsp;<br><img decoding=\"async\" width=\"548\" height=\"439\" class=\"wp-image-86993\" style=\"width: 600px\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/crowdstrike-sensor-download.png\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/02\/crowdstrike-sensor-download.png 548w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/02\/crowdstrike-sensor-download-300x240.png 300w\" sizes=\"(max-width: 548px) 100vw, 548px\" \/><\/li>\n\n\n\n<li>Click&nbsp;<strong>Add<\/strong>.<\/li>\n<\/ol>\n<\/li>\n\n\n\n<li>Save the&nbsp;<strong>Client ID<\/strong>,&nbsp;<strong>Secret<\/strong>, and&nbsp;<strong>Base URL Information<\/strong>&nbsp;for future use.<\/li>\n\n\n\n<li>Log in to the <a href=\"https:\/\/console.jumpcloud.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">JumpCloud Admin Portal<\/a>.<\/li>\n\n\n\n<li>Go to<strong>&nbsp;DEVICE MANAGEMENT &gt; Commands<\/strong>.<\/li>\n\n\n\n<li>Select the&nbsp;<strong>Commands<\/strong>&nbsp;tab, then&nbsp;click (<strong>+<\/strong>) and choose&nbsp;<strong>Command from Template<\/strong>.&nbsp;<\/li>\n\n\n\n<li>Select&nbsp;<strong>Windows<\/strong>&nbsp;and locate the the Windows &#8211; Install CrowdStrike Falcon Agent template.&nbsp;See&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\/get-started-commands\" target=\"_blank\" rel=\"noreferrer noopener\">Get Started: Commands<\/a>&nbsp;for more information.<\/li>\n\n\n\n<li>Click&nbsp;<strong>configure<\/strong>.<\/li>\n\n\n\n<li>(Optional) You can edit the default name for this command or type a new name.<\/li>\n\n\n\n<li>Under&nbsp;<strong>Type<\/strong>, click&nbsp;<strong>Windows<\/strong>.<\/li>\n\n\n\n<li>Edit the script to update the&nbsp;<strong>CSBaseAddress<\/strong>,&nbsp;<strong>CSClientID<\/strong>,&nbsp;<strong>CSClientSecret<\/strong>, and (if applicable) <strong>CSInstallToken<\/strong>&nbsp;with the information collected in Step 3.&nbsp;\n<ul>\n<li>Only set the <strong>CSInstallToken<\/strong> variable if you have <strong>Require Token<\/strong> enabled in your CrowdStrike org under <strong>Host setup and management<\/strong> &gt; <strong>Deploy<\/strong> &gt; <strong>Installation tokens<\/strong>.<br><img decoding=\"async\" width=\"3022\" height=\"1368\" class=\"wp-image-98224\" style=\"width: 1200px\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/09\/crowdstrike-command-variables-win.png\" alt=\"\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/09\/crowdstrike-command-variables-win.png 3022w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/09\/crowdstrike-command-variables-win-300x136.png 300w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/09\/crowdstrike-command-variables-win-1024x464.png 1024w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/09\/crowdstrike-command-variables-win-768x348.png 768w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/09\/crowdstrike-command-variables-win-1536x695.png 1536w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2023\/09\/crowdstrike-command-variables-win-2048x927.png 2048w\" sizes=\"(max-width: 3022px) 100vw, 3022px\" \/><\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card note\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/note-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Note:<\/strong> \n<p>This script works for many situations; you might need to alter some variables for your organization. For more information, see the CrowdStrike documentation.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<ol start=\"12\">\n<li>Click&nbsp;<strong>Launch Event<\/strong>, then choose<strong>&nbsp;Run as Repeating&nbsp;<\/strong>to run the command at the top of every hour.<\/li>\n\n\n\n<li>Under&nbsp;<strong>Options<\/strong>, ensure that the interval is set to&nbsp;<strong>3600<\/strong>&nbsp;seconds (1 hour).\n<ul>\n\n<li>The command may throw a 124 error if the command times out. This is more likely to occur on slower networks.&nbsp;<\/li>\n\n<\/ul>\n<\/li>\n\n\n\n<li>Assign the Falcon agent to your devices:\n<ul>\n\n<li>If you are assigning the Falcon Agent to individual devices, select the&nbsp;<strong>Devices<\/strong>&nbsp;tab and select the checkbox next to each device where you want to install the agent.<\/li>\n\n\n<li>If you are assigning the Falcon Agent to groups of devices, select the&nbsp;<strong>Device Groups<\/strong>&nbsp;tab and select the checkbox next to each device group where you want to install the agent.<\/li>\n\n<\/ul>\n<\/li>\n\n\n\n<li>Click&nbsp;<strong>save<\/strong>, then click&nbsp;<strong>save<\/strong>&nbsp;again.&nbsp;<\/li>\n\n\n\n<li>Run the command by selecting the checkbox next to the command on the Commands page and clicking<strong>&nbsp;run now<\/strong>.&nbsp;If the command doesn\u2019t run, verify that you have root permissions.<\/li>\n\n\n\n<li>After the command finishes, select the&nbsp;<strong>Results<\/strong>&nbsp;tab on the Commands page. An exit code of&nbsp;<strong>0<\/strong>&nbsp;indicates that the command ran successfully. If multiple commands are processed at runtime, only the last exit code is reported. For a list of exit codes, see&nbsp;<a href=\"https:\/\/jumpcloud.com\/support\/understand-command-results\" target=\"_blank\" rel=\"noreferrer noopener\">Understand Command Results<\/a>.&nbsp;<\/li>\n\n\n\n<li>Click&nbsp;<strong>view<\/strong>&nbsp;to see more information about the results.<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card tip\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Tip:<\/strong> \n<p>For installation troubleshooting information, see&nbsp;<a href=\"#troubleshooting\">Troubleshooting<\/a> below.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"troubleshoot\">Troubleshooting<\/h2>\n\n\n\n<p>You can use a JumpCloud command to quickly check the status of a CrowdStrike agent installation.<\/p>\n\n\n\n<p><strong>To troubleshoot a macOS CrowdStrike installation<\/strong>:<\/p>\n\n\n\n<ol>\n<li>Go to&nbsp;<strong>DEVICE MANAGEMENT &gt; Commands.<\/strong><\/li>\n\n\n\n<li>Select the&nbsp;<strong>Commands<\/strong>&nbsp;tab, then&nbsp;click (<strong>+<\/strong>) and choose&nbsp;<strong>New Command<\/strong>.&nbsp;<\/li>\n\n\n\n<li>Enter a name for this command and choose&nbsp;<strong>root<\/strong>&nbsp;for Run As.<\/li>\n\n\n\n<li>Select the&nbsp;<strong>OS<\/strong>&nbsp;where you are installing the CrowdStrike agent.<\/li>\n\n\n\n<li>Type&nbsp;<strong>\/Applications\/Falcon.app\/Contents\/Resources\/falconctl stats<\/strong>&nbsp;in the Command area, then click&nbsp;<strong>save<\/strong>.<\/li>\n\n\n\n<li>On the Commands page, select the checkbox for the new command you created and click&nbsp;<strong>Run Now<\/strong>.<\/li>\n\n\n\n<li>Select the&nbsp;<strong>Results<\/strong>&nbsp;tab and verify that the Sensor operation value is&nbsp;<strong>true<\/strong>. Check this section, which is in the larger body of data that is returned from the&nbsp;falconctl&nbsp;binary:<\/li>\n<\/ol>\n\n\n\n<div class=\"wp-block-cgb-code-block code-block\"><div class=\"code-block-snippet is-type-body-default\">\n<p>\u200b\u200b=== agent_info ===<br>version: 6.39.15205.0<br>agentID: C804001A-9C8E-4A7F-B1CB-XXXXXXXXXXX<br>customerID: 84A8FF05-967F-4CFF-BB90-XXXXXXXXXX<br>Sensor operational: true<\/p>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-cgb-notification-card-wysiwyg notification-card tip\"><div class=\"notification-card-content\"><div class=\"notification-card-icon\"><p><img decoding=\"async\" src=\"\/wp-content\/themes\/jumpcloud\/assets\/images\/gutenberg-blocks\/tip-icon.png\" \/><\/p><\/div><div class=\"notification-card-copy is-type-body-default\"><div><strong class=\"notification-card-type\">Tip:<\/strong> \n<p>If you run the CrowdStrike PowerShell script and receive an error and become blocked by CrowdStrike, adding the JumpCloud agent to an allow list often resolves the issue.<\/p>\n <\/div><\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>You can download and install the CrowdStrike Falcon Agent on Windows and macOS devices from the JumpCloud Admin Portal. CrowdStrike [&hellip;]<\/p>\n","protected":false},"author":202,"featured_media":0,"template":"","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"support_category":[2923,2852,2862],"support_tag":[],"coauthors":[2836],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Install the CrowdStrike Falcon Agent - JumpCloud<\/title>\n<meta name=\"description\" content=\"Learn how to install the CrowdStrike Falcon agent on Windows or macOS, set up a macOS CrowdStrike policy, and troubleshoot the agent.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/support\/install-the-crowdstrike-falcon-agent\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Install the CrowdStrike Falcon Agent\" \/>\n<meta property=\"og:description\" content=\"Learn how to install the CrowdStrike Falcon agent on Windows or macOS, set up a macOS CrowdStrike policy, and troubleshoot the agent.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/support\/install-the-crowdstrike-falcon-agent\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:modified_time\" content=\"2024-09-13T15:44:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/crowdstrike-policy-ccid.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"11 minutes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data2\" content=\"denasteward\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/support\/install-the-crowdstrike-falcon-agent\",\"url\":\"https:\/\/jumpcloud.com\/support\/install-the-crowdstrike-falcon-agent\",\"name\":\"Install the CrowdStrike Falcon Agent - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/install-the-crowdstrike-falcon-agent#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/install-the-crowdstrike-falcon-agent#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/crowdstrike-policy-ccid.png\",\"datePublished\":\"2023-05-18T20:54:21+00:00\",\"dateModified\":\"2024-09-13T15:44:13+00:00\",\"description\":\"Learn how to install the CrowdStrike Falcon agent on Windows or macOS, set up a macOS CrowdStrike policy, and troubleshoot the agent.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/support\/install-the-crowdstrike-falcon-agent#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/support\/install-the-crowdstrike-falcon-agent\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/support\/install-the-crowdstrike-falcon-agent#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/crowdstrike-policy-ccid.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/crowdstrike-policy-ccid.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/support\/install-the-crowdstrike-falcon-agent#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Support\",\"item\":\"https:\/\/jumpcloud.com\/support\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Install the CrowdStrike Falcon Agent\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Install the CrowdStrike Falcon Agent - JumpCloud","description":"Learn how to install the CrowdStrike Falcon agent on Windows or macOS, set up a macOS CrowdStrike policy, and troubleshoot the agent.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/support\/install-the-crowdstrike-falcon-agent","og_locale":"en_US","og_type":"article","og_title":"Install the CrowdStrike Falcon Agent","og_description":"Learn how to install the CrowdStrike Falcon agent on Windows or macOS, set up a macOS CrowdStrike policy, and troubleshoot the agent.","og_url":"https:\/\/jumpcloud.com\/support\/install-the-crowdstrike-falcon-agent","og_site_name":"JumpCloud","article_modified_time":"2024-09-13T15:44:13+00:00","og_image":[{"url":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/crowdstrike-policy-ccid.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"11 minutes","Written by":"denasteward"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/support\/install-the-crowdstrike-falcon-agent","url":"https:\/\/jumpcloud.com\/support\/install-the-crowdstrike-falcon-agent","name":"Install the CrowdStrike Falcon Agent - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/support\/install-the-crowdstrike-falcon-agent#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/support\/install-the-crowdstrike-falcon-agent#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/crowdstrike-policy-ccid.png","datePublished":"2023-05-18T20:54:21+00:00","dateModified":"2024-09-13T15:44:13+00:00","description":"Learn how to install the CrowdStrike Falcon agent on Windows or macOS, set up a macOS CrowdStrike policy, and troubleshoot the agent.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/support\/install-the-crowdstrike-falcon-agent#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/support\/install-the-crowdstrike-falcon-agent"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/support\/install-the-crowdstrike-falcon-agent#primaryimage","url":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/crowdstrike-policy-ccid.png","contentUrl":"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2023\/02\/crowdstrike-policy-ccid.png"},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/support\/install-the-crowdstrike-falcon-agent#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"Support","item":"https:\/\/jumpcloud.com\/support"},{"@type":"ListItem","position":3,"name":"Install the CrowdStrike Falcon Agent"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/75155"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/support"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/202"}],"version-history":[{"count":3,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/75155\/revisions"}],"predecessor-version":[{"id":115503,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support\/75155\/revisions\/115503"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=75155"}],"wp:term":[{"taxonomy":"support_category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_category?post=75155"},{"taxonomy":"support_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/support_tag?post=75155"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=75155"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}