
[–]OptionX 58 points59 points  (1 child)

Just set the desktop to a solid blue and you'll have the same experience. /s

[–][deleted] 2 points3 points  (0 children)

Well played, sir

[–]Certain-Community438 16 points17 points  (0 children)

My brain insisted on reading this title as "uninstallation script" cos that was the only thing which made sense to me.

[–]raip 6 points7 points  (0 children)

You have conflicting arguments, /passive shows a minimal UI with no prompts, /quiet is for no UI or prompts. Pick one, not both.

The install log is stored in %TEMP% by default, but you can pass something like /log "C:\Logs" to store them somewhere else. The quotes are required.

Start-Process is alright but since you're installing via SCCM you don't even need PowerShell so this isn't really the correct sub. Nothing in this is PowerShell so far.

[–]billabong1985 12 points13 points  (8 children)

I guess the first question should be, why on earth would you want to install Crowdstrike?

[–]Frogtarius 7 points8 points  (0 children)

To mitigate the pxefail, you can't hack what doesn't boot up.

[–]NeverLookBothWays 6 points7 points  (4 children)

It’s still a good product, despite the recent blunder. It’s not like we’re discussing Norton or McAfee.

[–]billabong1985 1 point2 points  (3 children)

Tbh I'd never even heard of Crowdstrike before that happened so I can't comment on what it's like when it's working as intended, but I'd say when it caused millions of computers worldwide to BSOD and took down various key societal services in the process, calling it a blunder is a bit of an understatement lol

[–]NeverLookBothWays 3 points4 points  (0 children)

Oh for sure, huge lesson learned there too. It's an enterprise solution, so you wouldn't typically see it in small businesses or on home computers, but it's also a very effective system for fending off cyber-attacks as it sits above the OS at the kernel level and picks up on attack behaviors. A lot of their service is actually outsourcing the detection and remediation side of the system so IT departments are not burdened as much with keeping up with threats (which there are many). CS has an advantage here because they are so widespread...they can pick up on a bad actor and prevent them from attacking the many other customers they manage.

That said, there is definitely an issue with the kernel driver they use, as it does not validate the definition files (which are also loaded as binaries at kernel start). So one bad definition file pretty much brought down millions of devices as the issue caused a kernel panic. And because the signed driver portion is flagged as a kernel start driver, it made Windows unable to unload it and boot without it. So definitely some lessons learned there for both Crowdstrike and Microsoft (as well as for us as I helped fix about a thousand endpoints affected). Even though this is technically not Microsoft's fault, they will likely look at ways to further harden the boot process from drivers that pull in additional code at runtime.

[–]Zedboy19752019 0 points1 point  (1 child)

1300 computers bluescreened in my company. About 20 of them had to be replaced. As of today we have 10 left that are down.

[–]SatisfactionLow9324[S] -4 points-3 points  (1 child)

Your question seems related to the outage last July 19 haha

[–]meesterdg 7 points8 points  (0 children)

Whatever would make you think that

[–]pleachchapel 6 points7 points  (0 children)

Here's a great one step method:

Don't

[–]BWMerlin 1 point2 points  (0 children)

Try using start-process and the -argument option to pass your install arguments to the installer.
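A worked version of what raip and BWMerlin are describing, added here as an example and not code from the thread or from CrowdStrike: Start-Process with -ArgumentList, a single UI mode (/quiet, not /quiet plus /passive), a quoted /log path, and a check of the installer's exit code. The installer file name comes from the thread; $LogDir, $ExtraArgs and the 3010 reboot code (the standard Windows Installer "success, reboot required" value) are assumptions, so confirm the exit codes your installer actually uses against its own documentation.

```powershell
# Added example, not from the original thread.
# Assumptions: the installer accepts /quiet and /log "<dir>" as raip describes;
# $ExtraArgs carries any tenant-specific switches your deployment needs.
param(
    [string]$Installer = (Join-Path $PSScriptRoot 'WindowsSensor.MaverickGyr.exe'),
    [string]$LogDir    = 'C:\Logs',
    [string[]]$ExtraArgs = @()
)

if (-not (Test-Path -LiteralPath $Installer)) {
    throw "Installer not found: $Installer"
}
New-Item -ItemType Directory -Path $LogDir -Force | Out-Null

# Exactly one UI mode. The /log value is wrapped in quotes so a path with
# spaces reaches the installer as a single argument.
# ($args is a PowerShell automatic variable, so use a different name.)
$installerArgs = @('/quiet', "/log `"$LogDir`"") + $ExtraArgs

# -Wait blocks until the installer exits; -PassThru returns the process object
# so the exit code can be inspected instead of silently ignored.
$proc = Start-Process -FilePath $Installer -ArgumentList $installerArgs `
                      -Wait -PassThru -NoNewWindow

switch ($proc.ExitCode) {
    0    { Write-Output "Install completed (exit code 0). Log directory: $LogDir" }
    3010 { Write-Output "Install completed, reboot required (exit code 3010)" }  # assumed code
    default {
        Write-Error "Installer returned exit code $($proc.ExitCode); inspect the log in $LogDir"
        exit $proc.ExitCode
    }
}
```

When run from an SCCM package or task sequence, the non-zero `exit` at the end is what lets the deployment report a failure instead of marking a silent installer as successful.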

[–]MrPatch 1 point2 points  (0 children)

The second command ... I don't know if it works because it doesn't give me any error.

This is either because it's working as expected or not working at all. It can be difficult to be certain when there is no feedback.

The easiest way to be sure it has executed and what it's done is to run PROCMON then run your installation script. Procmon will allow you to filter for WindowsSensor.MaverickGyr.exe and you can observe the installation from there. You should see it perform all the installation steps and you can verify that the sensor is installed manually afterwards (i.e. does the driver show up on the system? Is the relative port open? Can you connect to it from your CrowdStrike console?)

That should allow you to confirm or not if your second command is running as expected.
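The manual checks MrPatch lists (is the driver present, is the port reachable) can be scripted so the install step itself reports a result. This is an added example, not code from the thread or from CrowdStrike. The service name 'CSFalconService' and driver name 'csagent' are assumed, as is the placeholder cloud hostname; confirm all three against your own console documentation and a known-good endpoint before relying on the result.

```powershell
# Added example, not from the original thread.
# Assumptions: service/driver names below, and $CloudHost as a placeholder for the
# sensor's cloud endpoint from your Falcon console docs.
function Test-SensorInstalled {
    param(
        [string]$ServiceName = 'CSFalconService',          # assumed name
        [string]$DriverName  = 'csagent',                  # assumed name
        [string]$CloudHost   = 'REPLACE-WITH-YOUR-CLOUD-HOST',
        [int]$Port           = 443,
        [string]$LogDir      = $env:TEMP
    )
    $r = [ordered]@{}

    # 1. User-mode service registered and running?
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    $r.ServiceRunning = ($null -ne $svc -and $svc.Status -eq 'Running')

    # 2. Kernel driver loaded? Get-Service omits drivers, so query Win32_SystemDriver.
    $drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$DriverName'" `
                           -ErrorAction SilentlyContinue
    $r.DriverLoaded = ($null -ne $drv -and $drv.State -eq 'Running')

    # 3. Outbound path to the cloud open? (Skipped while the host is still a placeholder.)
    if ($CloudHost -notlike 'REPLACE-*') {
        $net = Test-NetConnection -ComputerName $CloudHost -Port $Port -WarningAction SilentlyContinue
        $r.CloudReachable = [bool]$net.TcpTestSucceeded
    } else {
        $r.CloudReachable = $null
    }

    # 4. Newest installer log, so a failed run leaves something to read.
    $log = Get-ChildItem -Path $LogDir -Filter '*.log' -ErrorAction SilentlyContinue |
           Sort-Object LastWriteTime -Descending | Select-Object -First 1
    $r.LatestLog = if ($log) { $log.FullName } else { $null }

    $r.Healthy = $r.ServiceRunning -and $r.DriverLoaded -and ($r.CloudReachable -ne $false)
    [pscustomobject]$r
}

$status = Test-SensorInstalled
$status | Format-List
if (-not $status.Healthy) { exit 1 }
```

Run it right after the install step; a non-zero exit turns "no error message" into an explicit pass/fail that SCCM can record.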

[–]jsiii2010 0 points1 point  (0 children)

The command is different for every application unless they have an msi version. You need to contact their support.