Endpoint Security, CrowdStrike, Full Disk Access for macOS 10.14 and 10.15

Granting Full Disk Access to the Falcon Sensor on macOS 10.14 (Mojave) and 10.15 (Catalina).

Systems

Crowdstrike

Affected Customers

University of Illinois IT Pros leveraging Technology Services CrowdStrike

General Information

Beginning with macOS 10.15, full disk access must be granted to the CrowdStrike Falcon Sensor to obtain visibility to all files on the device. This action only needs to be taken once per host when installing the Falcon Sensor on Catalina, or after upgrading to Catalina from earlier macOS releases. It does not need to be repeated after sensor updates.

For macOS 10.14, CrowdStrike recommends granting full disk access to the CrowdStrike Falcon Sensor, in order to prepare for upcoming sensor releases that will be able to access file paths protected by default on Mojave.

Actions

Granting Full Disk Access via Workspace ONE

If you are using EPS Workspace ONE to manage your macOS devices, please contact the EPS team and we will help you leverage the existing "fda.crowdstrike" global privacy preferences profile to grant full disk access to the Crowdstrike Falcon Sensor.

Granting Full Disk Access Manually

For Macs not enrolled in Workspace ONE, you can take the following steps to manually grant full disk access to the Crowdstrike Falcon Sensor. Administrator account permission is needed for these steps.


Contact the EPS team