[ BUG ] `Uninstall-FalconSensor` uses Windows script on Linux

[anzaomar]

Describe the bug The Uninstall-FalconSensor command uses the Windows uninstallation script i.e. uninstall_sensor.ps1 instead of using the uninstall_sensor.sh.

There is a flaw in the code of the psf-sensors.ps1 file on line 365.

$Platform is not assigned the value of $HostList.platform_name.

The code should be changed to the following

$HostList = Get-FalconHost -Id $Id | Select-Object $Select
      if ($HostList.platform_name -notmatch '^(Windows|Linux)$') {
        throw 'Only Windows and Linux hosts are currently supported for uninstallation using PSFalcon.'
      }
      [string]$Filename = if ($HostList.platform_name -eq 'Linux') { 'uninstall_sensor.sh' } else { 'uninstall_sensor.ps1' }

OR

$HostList = Get-FalconHost -Id $Id | Select-Object $Select
      if ($HostList.platform_name -notmatch '^(Windows|Linux)$') {
        throw 'Only Windows and Linux hosts are currently supported for uninstallation using PSFalcon.'
      }
      [string]$Platform = $HostList.platform_name 
      [string]$Filename = if ($Platform -eq 'Linux') { 'uninstall_sensor.sh' } else { 'uninstall_sensor.ps1' }

To Reproduce Try to run the uninstallation command for any linux machine.

Expected behavior The command should use the uninstall_sensor.sh script for uninstallation.

[bk-cs]

Nice catch! I have corrected this for the next PSFalcon release.

If you'd like to resolve it for your local module before release, you can replace public\psf-sensors.ps1 using the steps outlined below.

Import-Module -Name PSFalcon
$ModulePath = (Show-FalconModule).ModulePath
(Invoke-WebRequest -Uri https://raw.githubusercontent.com/CrowdStrike/psfalcon/9afc0422d2cf597e8315f0d2e80db541218fa59e/public/psf-sensors.ps1 -UseBasicParsing).Content > (Join-Path (Join-Path $ModulePath public) psf-sensors.ps1)

Ensure that you restart PowerShell and re-import PSFalcon before testing.