If you are planning to deploy the CrowdStrike Sensor (CS Sensor) within your virtual desktop (Windows 10) or server operating system (Remote Desktop – Windows Server 2016), then continue reading. In this post, we will take a look at the following topics:
- Scripted silent install of CrowdStrike Sensor
- Process exclusions for VMware App Volumes – Writable Volumes (snapvol.cfg)
Script to install CrowdStrike Sensor
Pre-requisites:
- Based on your requirements, a complete range of silent switches can be found here – How to Install CrowdStrike Falcon Sensor | Dell US
- Create a folder called C:\Temp\Sensor and place the CS Sensor EXE within this folder.
- Make sure to read the installer log files after the install is completed.
- We use the proxy details as the virtual machines don’t have direct internet access.
- Look for exit code 0, which means success.
```powershell
#############################################################################################
# Install Crowd Strike Sensor to the Golden Image on Windows 10 and Windows Server 2016/2019
# Look for Exit Code 0 = Success
# Comment or Un-comment the Agent that does not apply to your environment
# Author - Aresh Sarkari - https://twitter.com/askaresh
#############################################################################################

###################################################################
#                    Declare Variables                            #
###################################################################

# Sensor name (wildcard that matches the installer file name)
$CSSensorName = "WindowsSen*"

# The sensor installer location
$TempInstallPath = "C:\Temp\Sensor"

# Log file location
$CSSensorlogFile = "C:\Temp\Sensor\CSSensor.log"

###################################################################
#             EXE Arguments Array for CS Sensor                   #
###################################################################
# Modify any installer switches related to the sensor here.
# Dell article covering all silent switches:
# https://www.dell.com/support/kbdoc/en-us/000126124/how-to-install-crowdstrike-falcon-sensor
# Proxy switches are needed if your endpoints don't have direct Internet access.
# Log files for the installation are generated in C:\Temp\*

# Crowd Strike Sensor arguments
$CSArguments = @(
    "/install"
    "/quiet"
    "/norestart"
    "CID=YOUDIDGUIDWILLGOHERE-EG"
    "ProvToken=YOURTOKENNUMBER"
    "GROUPING_TAGS=TAG1,TAG_VDI"
    "ProvWaitTime=3600000"
    "APP_PROXYNAME=proxy.whateverproxy.com"
    "APP_PROXYPORT=80"
    "VDI=1"
    "/log"
    $CSSensorlogFile
)

###################################################################
#                            Main                                 #
###################################################################

# Install Crowd Strike Sensor
Write-Host "Installing the Crowd Strike Sensor" -ForegroundColor Green

# Resolve the full path of the installer that matches the wildcard
$CSSensorPath = (Get-ChildItem -Path $TempInstallPath | Where-Object {$_.name -like $CSSensorName}).Fullname

# Run the installer silently, wait for it to finish and capture the process object
$CSSensorInstall = (Start-Process -Filepath $CSSensorPath -Wait -ArgumentList "$CSArguments" -PassThru)

# Print the installer exit code (0 = success)
$CSSensorInstall.ExitCode

Start-Sleep 20
```
Git Hub – scripts/CSSensor-Install at master · askaresh/scripts (github.com)
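The script above runs whatever file matches `WindowsSen*` in C:\Temp\Sensor and only prints the exit code. The following is an added example (not part of the author's script) that checks the staged installer before running it and fails the image build on a non-zero exit code. The function name `Install-VerifiedSensor` and the expected signer string are assumptions; confirm the signer against the certificate on your own installer.

```powershell
# Added example: verify the staged installer, run it, and enforce exit code 0.
# Paths and the wildcard come from the script above; the function name and
# the $ExpectedSigner default are assumptions for illustration.
function Install-VerifiedSensor {
    param(
        [Parameter(Mandatory)][string[]]$Arguments,
        [string]$InstallPath    = "C:\Temp\Sensor",
        [string]$NamePattern    = "WindowsSen*",
        [string]$ExpectedSigner = "CrowdStrike"   # assumption: check your installer's certificate
    )

    # The wildcard must resolve to exactly one file; zero or several is an error.
    $candidates = @(Get-ChildItem -Path $InstallPath -File |
        Where-Object { $_.Name -like $NamePattern })
    if ($candidates.Count -ne 1) {
        throw "Expected exactly one installer in $InstallPath, found $($candidates.Count)."
    }
    $installer = $candidates[0].FullName

    # Refuse to run a binary whose Authenticode signature is not valid
    # or that was signed by an unexpected publisher.
    $sig = Get-AuthenticodeSignature -FilePath $installer
    if ($sig.Status -ne 'Valid') {
        throw "Signature status for $installer is '$($sig.Status)'."
    }
    if ($sig.SignerCertificate.Subject -notlike "*$ExpectedSigner*") {
        throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
    }

    # Record the hash so the build log shows exactly which binary was installed.
    $hash = (Get-FileHash -Path $installer -Algorithm SHA256).Hash
    Write-Host "Verified $installer (SHA256 $hash)"

    # Pass the array as-is so each switch reaches the installer as its own argument.
    $proc = Start-Process -FilePath $installer -ArgumentList $Arguments -Wait -PassThru
    if ($proc.ExitCode -ne 0) {
        throw "Sensor install failed with exit code $($proc.ExitCode); review the /log file."
    }
    return $proc.ExitCode
}

# Usage, with $CSArguments defined as in the script above:
# Install-VerifiedSensor -Arguments $CSArguments
```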
Process exclusions for VMware App Volumes
It is advisable to add the CrowdStrike process exclusions within the VMware App Volumes – Writable Volumes templates in snapvol.cfg. Here is the detailed guidance on how to modify snapvol.cfg – Using the VMware App Volumes snapvol.cfg File to Customize Writable Volumes | VMware End-User Computing Blog. These two processes are visible within the Task Manager.

```
#Crowdstrike Exclusions
exclude_process_name=CSFalconService.exe
exclude_process_name=CSFalconContainer.exe
```
A big thanks to Jishan for the numerous testing cycles! I hope you will find this script and the exclusions useful for installing the CrowdStrike Sensor. A small request: if you further enhance the script or exclusions, I hope you can share it back with me.
Thanks,
Aresh Sarkari