Endpoint Security, CrowdStrike, Full Disk Access for macOS 10.14, 10.15 and 11.0
Granting Full Disk Access to the Falcon Sensor on macOS 10.14 (Mojave), 10.15 (Catalina) and 11.0 (Big Sur).
Systems
Crowdstrike
Affected Customers
University of Illinois IT Pros leveraging Technology Services CrowdStrike
General Information
Beginning with macOS 10.15, full disk access must be granted to the CrowdStrike Falcon Sensor to obtain visibility to all files on the device. This action only needs to be taken once per host when installing the Falcon Sensor on Catalina, or after upgrading to Catalina from earlier macOS releases. It does not need to be repeated after sensor updates.
For macOS 10.14, CrowdStrike recommends granting full disk access to the CrowdStrike Falcon Sensor, in order to prepare for upcoming sensor releases that will be able to access file paths protected by default on Mojave.
Actions
Granting Full Disk Access via Workspace ONE
If you are using EPS Workspace ONE to manage your macOS devices, please contact the EPS team and we will help you leverage the existing "fda.crowdstrike" global privacy preferences profile to grant full disk access to the Crowdstrike Falcon Sensor.
Granting Full Disk Access Manually
For Macs not enrolled in Workspace ONE, you can take the following steps to manually grant full disk access to the Crowdstrike Falcon Sensor. Administrator account permission is needed for these steps.
- Open System Preferences
- Open Security & Privacy
- Select the Privacy tab. If privacy settings are locked:
- Click the lock icon in the lower-left corner
- Enter your device password
- In the left pane, select Full Disk Access
- For macOS 11.0 and above, select the Agent check box in the right pane.
- Additionally, for all macOS versions, click the + icon. Find Falcon in the list of applications, or type Cmd-Shift-G and enter /Applications/Falcon.app
- Click Open
- Click Quit Now
- If necessary, click the lock in the lower-left corner to re-lock privacy settings