As discussed in yesterdays’ Endpoint Management Meeting, beware of jumping too many versions of macOS at a time without uninstalling the CrowdStrike Falcon Sensor first! Upgrading from one supported version of macOS to another should be fine, but going from an unsupported version of macOS (for example, macOS 10.15 Catalina) to the latest available version (currently macOS 13 Ventura) will cause problems.
The last supported version of the Falcon Sensor for a given version of macOS is generally set by CrowdStrike approximately 180 days before that OS’s expected retirement date. The minimum Falcon Sensor version required for a newly released version of macOS is determined much closer to the OS’s release date, usually a few weeks. This means that the version required for the newly released macOS will be greater than the last supported version for the soon-to-be-retired macOS. For example, the last supported version of the CrowdStrike Falcon Sensor for macOS 10.15 Catalina is 6.41, while the minimum required version for macOS 13 Ventura is 6.45. This makes going from Catalina to Ventura without first removing the CrowdStrike Falcon Sensor a problematic situation.
To remedy this, once a “last supported version” for a soon-to-be-retired macOS is identified, Duke creates a CrowdStrike Sensor Update Policy to both (a) hold the Falcon Sensor at that version for that OS and (b) allow the removal of the Falcon Sensor without the need for a Maintenance Token in order to more easily facilitate the upgrade to a newer OS. The best practice would be to update macOS more frequently, before the upgrade path becomes so broad. Alternatively, one could also still upgrade in steps, going, for example, from Catalina to Big Sur or Monterey, waiting for CrowdStrike to self-update to the latest version (instead of holding at the last version supported on Catalina), then upgrading to Ventura. However, if it is desired to go from an unsupported version of macOS to the latest available version, you’ll want to uninstall CrowdStrike first.
For more information, please contact OIT Device Engineering via ServiceNow (“Device Engineering – OIT”) or email at oitderequest@duke.edu.
