Created
October 22, 2024 22:01
-
-
Save jordigg/7ba4aca98d6dde2e2c851b03753f2ade to your computer and use it in GitHub Desktop.
CrowdStrike macOS 15 settings config file example for use with Kandji MDM
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>PayloadContent</key> | |
| <array> | |
| <dict> | |
| <key>FilterBrowsers</key> | |
| <false /> | |
| <key>FilterDataProviderBundleIdentifier</key> | |
| <string>com.crowdstrike.falcon.Agent</string> | |
| <key>FilterDataProviderDesignatedRequirement</key> | |
| <string>identifier "com.crowdstrike.falcon.Agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] and certificate leaf[field.1.2.840.113635.100.6.1.13] and certificate leaf[subject.OU] = "X9E956P446"</string> | |
| <key>FilterGrade</key> | |
| <string>inspector</string> | |
| <key>FilterPacketProviderBundleIdentifier</key> | |
| <string>com.crowdstrike.falcon.Agent</string> | |
| <key>FilterPacketProviderDesignatedRequirement</key> | |
| <string>identifier "com.crowdstrike.falcon.Agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] and certificate leaf[field.1.2.840.113635.100.6.1.13] and certificate leaf[subject.OU] = "X9E956P446"</string> | |
| <key>FilterPackets</key> | |
| <false /> | |
| <key>FilterSockets</key> | |
| <true /> | |
| <key>FilterType</key> | |
| <string>Plugin</string> | |
| <key>Organization</key> | |
| <string>CrowdStrike Inc.</string> | |
| <key>PayloadDisplayName</key> | |
| <string>Web Content Filter</string> | |
| <key>PayloadIdentifier</key> | |
| <string>io.kandji.crowdstrike.2C5CBFD0-7CFE-41CB-95BC-A681F4D293B8</string> | |
| <key>PayloadType</key> | |
| <string>com.apple.webcontent-filter</string> | |
| <key>PayloadUUID</key> | |
| <string>2C5CBFD0-7CFE-41CB-95BC-A681F4D293B8</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| <key>PluginBundleID</key> | |
| <string>com.crowdstrike.falcon.App</string> | |
| <key>UserDefinedName</key> | |
| <string>Falcon</string> | |
| </dict> | |
| <dict> | |
| <key>PayloadDescription</key> | |
| <string>Configures Privacy Preferences Policy Control settings</string> | |
| <key>PayloadDisplayName</key> | |
| <string>Privacy Preferences</string> | |
| <key>PayloadIdentifier</key> | |
| <string>com.apple.TCC.configuration-profile-policy.9A10BE5D-5E46-4C22-89C9-20597A04B616</string> | |
| <key>PayloadOrganization</key> | |
| <string>CrowdStrike Inc.</string> | |
| <key>PayloadType</key> | |
| <string>com.apple.TCC.configuration-profile-policy</string> | |
| <key>PayloadUUID</key> | |
| <string>9A10BE5D-5E46-4C22-89C9-20597A04B616</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| <key>Services</key> | |
| <dict> | |
| <key>SystemPolicyAllFiles</key> | |
| <array> | |
| <dict> | |
| <key>Allowed</key> | |
| <true /> | |
| <key>CodeRequirement</key> | |
| <string>identifier "com.crowdstrike.falcon.Agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = X9E956P446</string> | |
| <key>Comment</key> | |
| <string></string> | |
| <key>Identifier</key> | |
| <string>com.crowdstrike.falcon.Agent</string> | |
| <key>IdentifierType</key> | |
| <string>bundleID</string> | |
| <key>StaticCode</key> | |
| <false /> | |
| </dict> | |
| <dict> | |
| <key>Allowed</key> | |
| <true /> | |
| <key>CodeRequirement</key> | |
| <string>identifier "com.crowdstrike.falcon.App" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = X9E956P446</string> | |
| <key>Comment</key> | |
| <string></string> | |
| <key>Identifier</key> | |
| <string>com.crowdstrike.falcon.App</string> | |
| <key>IdentifierType</key> | |
| <string>bundleID</string> | |
| <key>StaticCode</key> | |
| <false /> | |
| </dict> | |
| </array> | |
| </dict> | |
| </dict> | |
| <dict> | |
| <key>AllowUserOverrides</key> | |
| <true /> | |
| <key>AllowedSystemExtensionTypes</key> | |
| <dict> | |
| <key>X9E956P446</key> | |
| <array> | |
| <string>EndpointSecurityExtension</string> | |
| <string>NetworkExtension</string> | |
| </array> | |
| </dict> | |
| <key>AllowedSystemExtensions</key> | |
| <dict> | |
| <key>X9E956P446</key> | |
| <array> | |
| <string>com.crowdstrike.falcon.Agent</string> | |
| </array> | |
| </dict> | |
| <key>NonRemovableFromUISystemExtensions</key> | |
| <dict> | |
| <key>X9E956P446</key> | |
| <array> | |
| <string>com.crowdstrike.falcon.Agent</string> | |
| </array> | |
| </dict> | |
| <key>PayloadDescription</key> | |
| <string>Configures System Extensions Policy settings</string> | |
| <key>PayloadDisplayName</key> | |
| <string>System Extensions</string> | |
| <key>PayloadIdentifier</key> | |
| <string>com.apple.system-extension-policy.20258B06-5866-4424-8893-A3AF1AFAAEDC</string> | |
| <key>PayloadOrganization</key> | |
| <string>CrowdStrike Inc.</string> | |
| <key>PayloadType</key> | |
| <string>com.apple.system-extension-policy</string> | |
| <key>PayloadUUID</key> | |
| <string>20258B06-5866-4424-8893-A3AF1AFAAEDC</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| </dict> | |
| <dict> | |
| <key>NotificationSettings</key> | |
| <array> | |
| <dict> | |
| <key>BundleIdentifier</key> | |
| <string>com.crowdstrike.falcon.UserAgent</string> | |
| <key>NotificationsEnabled</key> | |
| <true /> | |
| </dict> | |
| </array> | |
| <key>PayloadDisplayName</key> | |
| <string>Notifications</string> | |
| <key>PayloadIdentifier</key> | |
| <string>61090B22-3DCD-435E-ABB2-BE997B3CB78D</string> | |
| <key>PayloadType</key> | |
| <string>com.apple.notificationsettings</string> | |
| <key>PayloadUUID</key> | |
| <string>61090B22-3DCD-435E-ABB2-BE997B3CB78D</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| </dict> | |
| <dict> | |
| <key>AllowedTeamIdentifiers</key> | |
| <array> | |
| <string>X9E956P446</string> | |
| </array> | |
| <key>PayloadDescription</key> | |
| <string>Controls the system extension loading/unloading</string> | |
| <key>PayloadDisplayName</key> | |
| <string>App System Extension Control</string> | |
| <key>PayloadIdentifier</key> | |
| <string>com.apple.system-extensions.admin.E45B5986-74A6-4B6A-A4CA-E179516A7F52</string> | |
| <key>PayloadOrganization</key> | |
| <string>CrowdStrike Inc.</string> | |
| <key>PayloadType</key> | |
| <string>com.apple.system-extensions.admin</string> | |
| <key>PayloadUUID</key> | |
| <string>E45B5986-74A6-4B6A-A4CA-E179516A7F52</string> | |
| </dict> | |
| </array> | |
| <key>PayloadDescription</key> | |
| <string>Network Content Filter, System Extensions, and Privacy Preferences</string> | |
| <key>PayloadDisplayName</key> | |
| <string>CrowdStrike Settings</string> | |
| <key>PayloadEnabled</key> | |
| <true /> | |
| <key>PayloadIdentifier</key> | |
| <string>io.kandji.profile.custom.9e5ce1bc-8ddb-4d1f-9567-5647e60cbb0d</string> | |
| <key>PayloadOrganization</key> | |
| <string>Kandji, Inc.</string> | |
| <key>PayloadRemovalDisallowed</key> | |
| <false /> | |
| <key>PayloadScope</key> | |
| <string>System</string> | |
| <key>PayloadType</key> | |
| <string>Configuration</string> | |
| <key>PayloadUUID</key> | |
| <string>9e5ce1bc-8ddb-4d1f-9567-5647e60cbb0d</string> | |
| <key>PayloadVersion</key> | |
| <integer>1</integer> | |
| </dict> | |
| </plist> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment