After weeks of troubleshooting Verese issues I thought it would be good to document a working process. Hopefully this helps not go through some of the pain that I have been through due to some of corks.
I have a few profile to enable CrowdStrike with no user interaction needed.
macOS - CrowdStrike - Content Filter
Filter Name: falcon
Identifier: com.crowdstrike.falcon.App
Organization: CrowdStrike, Inc.
Filter Socket Traffic: Enabled
Socket Filter Bundle ID: com.crowdstrike.falcon.Agent
Socket Requirement: identifier "com.crowdstrike.falcon.Agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] and certificate leaf[field.1.2.840.113635.100.6.1.13] and certificate leaf[subject.OU] = X9E956P446
Filter Grade: Inspector
macOS – CrowdStrike – Login and Background Items
Rule Type: BundleIdentifier
Rule Value: com.crowdstrike.falcon.UserAgent
Team Identifier: X9E956P446
macOS - CrowdStrike - Notification Settings
App Bundle ID: com.crowdstrike.falcon.UserAgent
Allow notifications: Enable
Show in Notification Center: Enable
Show in Lock Screen: Enable
Allow badging: Enable
Allow sounds: Enable
Allow critical alert notifications: Enable
Alert Type: Temporary Banner 
macOS – CrowdStrike – System Extension
Allowed System Extension Types
Team Identifier: X9E956P446
Endpoint Security & Network Enable
Allowed System Extensions
Team Identifier: X9E956P446
Bundle Identifier: com.crowdstrike.falcon.Agent
Now this is what gave me and so many people issue. I dont know if this is a bug or undocumented need for Workspace one and Crowd Strike Profile.
In this order Create a MacOS – Crowdstrike – Privacy Preference in this order
Identifier: com.crowdstrike.falcon.Agent
Identifier Type Bundle ID
Code Requirement: identifier "com.crowdstrike.falcon.Agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = X9E956P446
Comment: agent
System Policy All Files: Allow
System Policy Sys Admin Files: AllowNow add a second Prefrences inside the same one for Falcon App
Identifier: com.crowdstrike.falcon.App
Identifier Type Bundle ID
Code Requirement: identifier "com.crowdstrike.falcon.App" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = X9E956P446
Comment: app
System Policy All Files: Allow
System Policy Sys Admin Files: Allow
I hope this helps save you time: The big issue was not having something in the comments. Once that was added the rest your app should not go green in some cases I need to reboot
Bonus: Install Script
Post Install Script
#!/bin/bash
sudo /Applications/Falcon.app/Contents/Resources/falconctl license "Your Key"
You must be logged in to post a comment.