1. Uninstall ESET Endpoint Security from your computer, if applicable.
2. Download Falcon Sensor for Mac.
3. Double-click the downloaded file.
4. Click Continue, then follow the prompts to complete the installation.
5. Enter your username and password, then click Install Software.
6. If prompted, click OK to allow the Installer.app to continue.
7. Click Continue.
8. When prompted, enter your Customer ID with Checksum and leave the optional Installer Token blank. 
   Note: If your departmental technology support has given you a Customer ID with Checksum, enter it here. Otherwise, use the Token in your Order Details. Navigate to Your Account/Orders within the OnTheHub software portal to locate it.
   
9. Click Submit.
10. Click Setup, and when prompted, click Allow to grant permission to Filter Network Content.
11. Click Continue. When a System Extension Blocked message displays, click Open System Settings.
12. The Privacy & Security pane displays. Click Allow to continue installing the Falcon application.
13. Close the settings window and click Continue.
14. Click System Settings. When the Full Disk Access pane displays, enable Falcon Sensor.
15. Enter your computer username and password and click Modify Settings.
16. Close the settings window and click Continue.
17. Click OK to when a confirmation displays indicating Falcon Sensor was successfully licensed.
18. Click Finish.

Verify CrowdStrike Is Running

Step 1: Download and Install

1. Uninstall ESET Endpoint Security from your computer, if applicable.
2. Download Falcon Sensor for Mac.
3. Double-click the FalconSensorMacOS installation file.
4. Click Continue, then follow the prompts to complete the installation.
5. Enter your user name and password, then click Install Software.
6. If prompted, click OK to allow Installer.app to continue with the installation.
7. Click Continue.
8. When prompted, enter your Customer ID with Checksum and leave the optional Installer Token blank. 
   Note: If your departmental technology support has given you a Customer ID with Checksum, enter it here. Otherwise, use the Token in your Order Details. Navigate to Your Account/Orders within the OnTheHub software portal to locate it.
   
9. Click Allow to grant permission to Filter Network Content.
10. A System Extension Blocked message displays. Click Open Security Preferences.
11. Click the General tab.
12. Click the lock and enter your Mac’s username and password to allow changes.
13. Click Allow to grant permission to the system software developer, CrowdStrike, Inc.
14. Click OK.
15. If prompted, click OK to allow Installer.app to continue with the installation.
16. Click Close.

Step 2: Grant Permissions to CrowdStrike

1. Click the Apple Menu > System Preferences > Security & Privacy > Privacy.
2. Click Full Disk Access (left) and click the checkbox to the left of both the Agent and Falcon apps to enable them.
3. If the Falcon app isn't listed:
   1. Click the plus (+).
   2. Click Applications and then Falcon.app. 
   3. Click Open.
4. Click Quit Now.
5. Click the lock to apply the changes.

Verify CrowdStrike Is Running

1. If you have existing antivirus software running on your computer, uninstall it. Note: Windows Defender does not need to be uninstalled.
2. Download Falcon Sensor for Windows.
3. Double-click the FalconSensorWinOS installation file.
4. Allow the installer to continue.
5. Accept the License agreement.
6. When prompted, enter your Customer ID with Checksum. 
   Note: If your departmental technology support has given you a Customer ID with Checksum, enter it here. Otherwise, use the Token in your Order Details. Navigate to Your Account/Orders within the  OnTheHub software portal to locate it. 
7. Click Install.
8. Click Yes and then Close.

Verify CrowdStrike Is Running

Step 1: Verify if SecureBoot is Enabled

1. Open a terminal window and enter the following command:
   
   sudo mokutil --sb-state
   
2. Press Enter.
3. If you receive the response SecureBoot Enabled, continue to Step 2: Install the Certificate for SecureBoot Signing Certificate.
4. If you receive the response SecureBoot Disabled, skip to Step 3: Install CrowdStrike Falcon Sensor.

Step 2: Install the SecureBoot Signing Certificate

1. The signing certificate is included in your download. 

2. Open a terminal window and enter the following, replacing <FULL_PATH> with the location where the certificate was downloaded. This will import CrowdStrike's certificate.
   
   sudo mokutil --import <FULL_PATH>
3. Press Enter.
4. Create a mokutil password when prompted. Note: This is separate from your Andrew password and will be used only once after your next reboot.
5. Press Enter.
6. Reboot your machine.
7. You may be prompted to enter the Machine-Owner Key (MOK). Enter the password you created above.
8. Press Enter.
9. Continue to Step 3: Install CrowdStrike Falcon Sensor.

Step 3: Install CrowdStrike Falcon Sensor

1. In the terminal, enter the following, replacing <FULL_PATH> with the location where you downloaded the install file.
   
   

   Ubuntu:

   sudo dpkg -i <FULL_PATH>



   RHEL, CentOS, Amazon Linux:

   sudo yum install <FULL_PATH>
   
2. Press Enter.
   
3. In the terminal, enter the following, replacing <CID> with Customer ID (CID) with Checksum.
   Note: If your departmental technology support has given you a Customer ID with Checksum, enter it here. Otherwise, use the Token in your Order Details. Navigate to Your Account/Orders within the  OnTheHub software portal to locate it. 
   
   sudo /opt/CrowdStrike/falconctl -s --cid=<CID>
   
4. Press Enter.
5. In the terminal, enter the appropriate command to start the sensor:
   
   SysVinit:
   sudo service falcon-sensor start
   
   Systemd:
   sudo systemctl start falcon-sensor

Verify CrowdStrike Is Running

1. Open the Falcon application.
2. You should see a window with three green checkmarks next to:
   • Sensor is registered
   • Sensor is operational
   • Sensor is cloud connected

1. Open Terminal.
2. Type sudo /Applications/Falcon.app/Contents/Resources/falconctl stats | grep -F agent_info -A 6 and press Enter.
3. When prompted, enter the password for your macOS account.
4. Something similar to the following should be displayed:
   
   === agent_info ===
   
   version: 6.49.16201.0
   agentID: 0C2309BA-E35A-4DAE-8021-C18079937183
   customerID: 623076A3-5DE2-4326-82D1-F1462D7B5330
   Sensor operational: true

1. The Falcon icon shows the status in the taskbar notification area (system tray):
   
   •   Falcon icon with a green check and shield - Falcon sensor is running
   •   Gray Falcon icon - Falcon sensor is NOT running
   •   X - internal sensor error
2. Click the Falcon icon in the notification area to update the status and see detailed information. Driver and Server status should be checked. Cloud connection should be connected.

1. In the terminal, enter the appropriate command to verify the sensor has been installed:
   
   ps -e | grep falcon-sensor
2. Press Enter.
3. If you do not see output similar to the following, contact your departmental IT administrator, DSP consultant, or the Computing Services Help Center for assistance.
   
   [root@centos6-installtest ~]$ ps -e | grep falcon-sensor
905 ? 00:00:02 falcon-sensor

Important

The Falcon Sensor for Linux is validated for specific Linux kernel versions. If the running Linux kernel is not on the current validation list, the sensor will have reduced or no functionality. We recommend you delay installing new Linux kernels for two weeks after your distro's release date to allow time for CrowdStrike's validation process and ensure the sensor remains fully effective.