Purpose of Knowledge Article:
- A guide on how to install or uninstall CrowdStrike Falcon from Berkeley Lab computers
- The CrowdStrike Falcon macOS installer is a universal binary and will work on Intel and Apple Silicon (M1, and M2) chipsets
Resolution:
IMPORTANT:
- Be sure to select the correct instruction for the operating system you are using
- It is highly recommended to read the instructions before installing CrowdStrike Falcon
If you have Sophos Antivirus:
- If you have Sophos Antivirus on the computer, the CrowdStrike Falcon installer will uninstall it for you.
- If you have Sophos Antivirus on the computer, a restart will be required to finish the Sophos uninstallation process.
Install CrowdStrike Falcon
Expand the instruction for the operating system you are using:
The CrowdStrike Falcon macOS installer is a universal binary and will work on Intel and Apple Silicon (M1, and M2) chipsets
| 1 | Go to https://software.lbl.gov/swSoftwareDetails.php?applicationID=259 and download CrowdStrike Falcon Sensor for macOS 12 and 13 | no image |
| 2 | Browse to the location where the file LBL_CS_MacOS_12_13 is downloaded, and right-click on it |
|
| 3 | Click Open | |
| 4 | Click Open to the popup saying "macOS cannot verify the developer of LBL_CS_MacOS_12_13. Are you sure you want to open it?" |
|
| 5 | Click Continue for the "Introduction" and "Read Me" section |
|
| 6 | Click Install |
|
| 7 | Type in your computer password |
|
| 8 | Click Install Software | |
| 9 | Click Allow to the popup saying "'Falcon' would like to filter network content" |
|
| 10 | A "System Extension Blocked" popup will appear, click Open System Settings |
|
| 11 | Select Privacy & Security |
|
| 12 | Look for "System software from application "Falcon" was blocked from loading" | |
| 13 | Click Allow | |
| 14 | Type in your computer password |
|
| 15 | Click Unlock | |
| 16 | click OK on the popup saying "Installer would like to modify apps on your mac" |
|
| 17 | Click Close |
|
| 18 | Click Move to Trash and continue to Step 2 |
|
| 1 | Click the Apple icon on the top left corner
|
|
| 2 | Click System Settings | |
| 3 | Select Privacy & Security on the left column
|
|
| 4 | Select Full Disk Access on the right side |
|
| 5 | Toggle the slider to on for Agent |
|
| 6 | Type in your computer password | |
| 7 | Click Unlock | |
| 8 | Click the + icon | |
| 9 | Navigate to /Application/Falcon or Falcon.app and select it |
|
| 10 |
Click Open |
|
| 11 | Now, the sliders for Agent and Falcon should both be toggled on You are done, close System Settings Note: if you have Sophos, you will need to restart the computer for Sophos to finish uninstalling. |
|
| 12 | If you want to confirm CrowdStrike Falcon is installed and running, see Is CrowdStrike Falcon Running? |
no image |
The CrowdStrike Falcon macOS installer is a universal binary and will work on Intel and Apple Silicon (M1, and M2) chipsets
| 1 | Go to https://software.lbl.gov/swSoftwareDetails.php?applicationID=259 and download CrowdStrike Falcon Sensor for macOS 12 and 13 | no image |
| 2 | Browse to the location where the file LBL_CS_MacOS_12_13 is downloaded, and right-click on it |
|
| 3 | Click Open | |
| 4 | Click Open to the popup saying "macOS cannot verify the developer of LBL_CS_MacOS_12_13. Are you sure you want to open it?" |
|
| 5 | Click Continue for the "Introduction" and "Read Me" section |
|
| 6 | Leave the default destination as it is and click Continue Note: if you do not see this screen, continue to the next step. |
|
| 7 | Click Install |
|
| 8 | Type in your computer password |
|
| 9 | Click Install Software | |
| 10 | Click Allow to the popup saying "com.crowdstrike.falcon.app" would like to filter network content" |
|
| 11 | A "System Extension Blocked" popup will appear, click Open Security Preferences |
|
| 12 | Select Security & Privacy |
|
| 13 | Click the Lock icon on the bottom left |
|
| 14 | Type in your computer password | |
| 15 | Click Unlock | |
| 16 | Look for "System software from application "Falcon.app" was blocked from loading", and click Allow |
|
| 17 | Installation is done. Click Close |
|
| 18 | Click Move to Trash and continue to Step 2 |
|
<a id="FDA_macOS11_12">
| 1 | Click the Apple icon on the top left corner
|
|
| 2 | Click System Preferences | |
| 3 | Click Security & Privacy
|
|
| 4 | Click the Lock icon on the bottom left corner
|
|
| 5 | Type in your computer password | |
| 6 | Click Unlock | |
| 7 | Select Privacy tab | |
| 8 | On the left column, find and select Full Disk Access |
|
| 9 | Check the box for Agent | |
| 10 | Click the + icon | |
| 11 | Navigate to /Application/Falcon or Falcon.app and select it |
|
| 12 |
Click Open |
|
| 13 | Now, both the box for Agent and Falcon should be checked You are done, close System Preferences Note: if you have Sophos, you will need to restart the computer for Sophos to finish uninstalling. |
|
| 14 | If you want to confirm CrowdStrike Falcon is installed and running, see Is CrowdStrike Falcon Running? | no image |
</a>
The CrowdStrike Falcon macOS installer is a universal binary and will work on Intel and Apple Silicon (M1, and M2) chipsets
| 1 | Go to software.lbl.gov and download CrowdStrike Falcon Sensor for macOS 11 | no image |
| 2 | Browse to the location where the file LBL_CS_MacOS11_vX.X is downloaded, and double-click on it |
|
| 3 | It will extract a folder called LBL_CS_MacOS11_vX.X, open it. Leave this folder open, you will return to it. |
|
| 4 | Right-click on the GovLagger... file |
|
| 5 | Select Open With | |
| 6 | Select Installer | |
| 7 | Click Continue for the "Introduction" and "Read Me" section |
|
| 8 | Click Install |
|
| 9 | Type in your computer password |
|
| 10 | Click Install Software | |
| 11 | Click Close |
|
| 12 | Return to the LBL_CS_MacOS11_vX.X folder from step 3 and right-click on the file configuration.command |
|
| 13 | Select Open With | |
| 14 | Select Terminal | |
| 15 | Click Open to the popup saying "macOS cannot verify the developer of "configuration.command". Are you sure you want to open it?" |
|
| 16 | In the terminal window that pops up, type in your computer password and hit enter Note: no character will appear when you type the password here. |
|
| 17 | Click Allow to the popup saying "Falcon would like to filter network content" |
|
| 18 | A "System Extension Blocked" popup will appear, click Open Security Preferences |
|
| 19 | Select Security & Privacy |
|
| 20 | Click the Lock icon on the bottom left |
|
| 21 | Type in your computer password | |
| 22 | Click Unlock | |
| 23 | Look for "System software from application "Falcon" was blocked from loading", and click Allow |
|
| 24 | This process may take between 3-8 minutes. Once done you will see it say [Process Completed] Continue to Step 2 |
|
| 1 | Click the Apple icon on the top left corner
|
|
| 2 | Click System Preferences | |
| 3 | Click Security & Privacy
|
|
| 4 | Click the Lock icon on the bottom left corner
|
|
| 5 | Type in your computer password | |
| 6 | Click Unlock | |
| 7 | Select Privacy tab | |
| 8 | On the left column, find and select Full Disk Access |
|
| 9 | Check the box for Agent | |
| 10 | Click the + icon | |
| 11 | Navigate to /Application/Falcon or Falcon.app and select it |
|
| 12 |
Click Open |
|
| 13 | Now, both the box for Agent and Falcon should be checked You are done, close System Preferences Note: if you have Sophos, you will need to restart the computer for Sophos to finish uninstalling. |
|
| 14 | If you want to confirm CrowdStrike Falcon is installed and running, see Is CrowdStrike Falcon Running? | no image |
Instructions for Windows 10 and Windows 11 are essentially the same. The main difference is how they look.
| 1 | Go to https://software.lbl.gov/swSoftwareDetails.php?applicationID=259 and download CrowdStrike Falcon Sensor for Windows | no image |
| 2 | Browse to the location where the file LBL_CS_Win_Installer_vX.X is downloaded, and double-click on it |
|
| 3 | You may see the popup "Windows Protected your PC" Click More info If not, skip to Step 5 |
|
| 4 | Click Run anyway |
|
| 5 | The pop-up "Do you want to allow this app to make changes to your device?" will appear Click Yes |
|
| 6 |
A command prompt window will appear stating "This may take several minutes. This window will close when the full process is complete" This process will take between 4 to 10 minutes If you have Sophos, you will need to restart the computer for Sophos to finish uninstalling. During this process, you may see the following notifications in the bottom right corner. You can ignore it.
This happens because during the transient state, Sophos Antivirus is being removed and CrowdStrike Falcon is being installed. |
|
| 7 | Once the command prompt window disappears. You are done. If you want to confirm CrowdStrike Falcon is installed and running, see Is CrowdStrike Falcon Running? |
no image |
Uninstall CrowdStrike Falcon
Expand the instruction for the operating system you are using:
| 1 | Launch the Terminal app from the Utilities folder |
|
| 2 | Run sudo /Applications/Falcon.app/Contents/Resources/falconctl uninstall |
|
| 3 | Type in your computer password and hit Enter key on your keyboard | |
| 4 | You will see a confirmation saying "Falcon is uninstalled" |
|
| 1 | Click on the Start Menu icon |
|
| 2 | Type in Control Panel | |
| 3 | Click Control Panel | |
| 4 | Click Programs and Features |
|
| 5 | Select CrowdStrike Windows Sensor in the list |
|
| 6 | Click Uninstall | |
| 7 | The Do you want to allow this app to make changes to your device will pop up Click Yes |
|
| 8 | Click Uninstall |
|
| 9 | The uninstallation process will take a moment. When it is done, click Close |
|
