PDQ Deploy CrowdStrike Falcon Sensor installs but Deploy never shows complete
I am trying to deploy the sensor agent for Crowdstrike. It looked like a fairly straightforward package.
Command line is: windowssensor.exe /install /quiet /norestart CID=xxxxxx
I've created the step as an Install step, path to the install file, copied the switches to the Parameters field.
The install works, the sensor gets installed but the job never finishes.
There's the warning under the Parameters box about setting the silent install options, which I have done.
Any ideas why it wont finish the job?
Comments
We use the GOV version at our facility, but we had to make some tweaks to get it working too.
Our current deployment is set up as follows:
Step type: Install (not command line or PowerShell)
Install file points to the .exe in the repository
parameters:
/install /quiet /norestart CID=XXXXXXXXXXX-XX
(be careful here, we tried to omit the hyphen in our CID and it broke it. It's case-sensitive too.)
Success codes: 0,1641,3010,2359302
And there's one more caveat we found: if you try to push it to a system that already has the sensor installed, or if connection drops during deployment and the install finishes on its own, the install will hang or fail. Basically, if the sensor already exists it causes a conflict.
A good way to combat this is to use the conditions tab to check if its already installed. Our settings:
File: Does Not Exist
Directory: %programfiles%\CrowdStrike\, with Also match x86 turned on.
Filename: CSFalconService.exe
Hope this helps!
Try adding ProvNoWait=1 to the end of the installation parameters
I changed that for mine and it now installs and completes correctly in PDQ
Shane is right; that technically works, but what that does is ignore the provisioning server response, so the client may not show up in the admin console right away; sometimes for a day or two. Our sysadmin wasn't satisfied with that, so we kept playing around with the settings until we found a config that worked without relying on the ProvNoWait flag. Your call how you want to handle it.
Does anyone have a way to install the optional Token?
Hi Eric. While we're not using the feature ourselves, I think I found what you were asking about. There appears to be a control panel in the Falcon Admin portal under Host Setup & Management > Deploy > Installation Tokens. Hopefully this helps!
Hi Patrick,
Thank you for replying back. We also use a Gov version of Crowd Strike. However, we don't have that option.
We need to add the token on each install and was wondering if there is a way to add it from PDQ. There doesn't seem to be a parameter for it.
Regards,
/Eric