Back to Blog
Falcon sensor mac os5/19/2023 ![]() # need to uninstall it, but InfoSec has set a maintenance token on their end for the computer to make any changes at all. # The scenario when you would use this script is when Crowdstrike is installed and you ![]() it is an imperfect solution to an imperfect situation. It may not be the most efficient way of doing it, but it works. I had to do some variable voodoo to get it to work. Then it's a matter of getting the script to run the uninstall command with the token that is specific to THAT computer. In the list the serial numbers are appended with "TOKEN" and the tokens are associated with their respective computers. You probably could use your actual hostnames or whatever ID they are listed as in Crowdstrike, but you'll have to modify the script accordingly. Our computer names are based on serial numbers so I found it easier to use serial numbers. The biggest caveat is that there is no way around using the maintenance tokens, so you have to get your security team to provide you with the tokens and the computers they go with. It isn't perfect, but this is the best I could come up with. Since there is no way to get InfoSec to issue maybe a universal token that applies to all computers, I have come up with a solution that works. ![]() ![]() I understand the need to protect the tools that protect the computers, but the extreme step of requiring a unique, one-time use only key to remove the software makes our lives a nightmare. I hate hate hate security programs that don't do us admins any favors by locking themselves down. This is a problem that has long plagued me.
0 Comments
Read More
Leave a Reply. |