How to Replace Traditional Antivirus (AV) with CrowdStrike Falcon

Introduction

This document will cover the simple steps of replacing your traditional antivirus (AV) vendor with CrowdStrike.

 


Prerequisites

This document assumes that you’re a customer with a pre-existing AV solution that you’d like to either replace or run alongside Falcon.

For basic product installation, please see the blog dedicated to the installation of Falcon.

Supported Platforms

Windows Server: Win Server 2008R2 SP1 and above
Windows: Win 7 SP1 and above
Mac: OSX 10.8 and above
Linux:
– RHEL 7.0-7.2
– RHEL 6.2-6.8
– CentOS 7.0-7.2
– CentOS 6.2-6.8
– Ubuntu 14.04 LTS (minimum kernel version 3.13.0-32)
– SUSE Linux Enterprise Server 11.3-11.4 (minimum kernel version 3.0.101-0.47.55.1)
– SUSE Linux Enterprise Server 12-12.1 (minimum kernel version 3.12.39-47)

 

Step-by-step

Falcon Host was designed to interoperate without obstructing other endpoint software, including other endpoint security products, such as third-party AV and malware detection solutions. In this scenario we can see in the Windows Action Center that CrowdStrike and Symantec are installed side-by-side.

Windows Action Center

CrowdStrike Sensor in Microsoft Action Center

To remove another AV vendor from a host machine, use the “Add/Remove Programs” feature in the Windows Control Panel.

Windows control panel remove programs

Removing traditional antivirus

Once there, select the previous AV vendor and then select the “uninstall” option that appears above the list of installed programs. Different vendors may have additional steps or multiple applications that will need to be removed.

Note: In the case of McAfee, remove all the other installed programs first and uninstall the McAfee Agent last. This order seems to be the most effective in our experience.

Some vendors may require a reboot.

After a reboot, verify in the Action Center that the uninstall was successful. To open the Action Center, navigate to Control Panel -> System and Security -> Action Center.

Under “Virus Protection” and “Spyware and Unwanted Software protection” CrowdStrike should be the only listed vendor.

CrowdStrike as the only vendor in Action Center

Action Center with CrowdStrike as Security Vendor
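The same verification can be scripted when many hosts are being migrated. The PowerShell below is an added example, not CrowdStrike code: it lists leftover Add/Remove Programs entries for the old vendor and the products registered with Windows Security Center, which is the data the Action Center displays. The `$OldVendor` and `$ExpectedVendor` values are assumptions to adjust for your environment.

```powershell
# Added example, not CrowdStrike code. Requires PowerShell 3.0+ (Get-CimInstance).
param(
    # Assumption: substring of the removed vendor's product names, e.g. 'Symantec' or 'McAfee'.
    [string]$OldVendor = 'Symantec',
    # Assumption: the Falcon sensor's Security Center display name contains this string.
    [string]$ExpectedVendor = 'CrowdStrike'
)

# 1. Leftover "Add/Remove Programs" entries (native and 32-bit registry views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$leftovers = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like "*$OldVendor*" -or $_.Publisher -like "*$OldVendor*" } |
    Select-Object DisplayName, DisplayVersion, Publisher)

# 2. Products registered with Windows Security Center. The two classes correspond to
#    "Virus Protection" and "Spyware and Unwanted Software protection".
#    The root/SecurityCenter2 namespace exists on Windows client editions, not Windows Server.
$registered = @(foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct') {
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName $class -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Category'; e = { $class } }, displayName, pathToSignedProductExe
})

# 3. Split the registered products into the expected vendor and everything else.
#    On newer Windows versions the built-in Windows Defender is also flagged; review it manually.
$expected   = @($registered | Where-Object { $_.displayName -like "*$ExpectedVendor*" })
$unexpected = @($registered | Where-Object { $_.displayName -notlike "*$ExpectedVendor*" })

"Leftover '$OldVendor' programs: $($leftovers.Count)"
$leftovers | Format-Table -AutoSize | Out-String
"Registered security products: $($registered.Count)"
$registered | Format-Table -AutoSize | Out-String

if ($expected.Count -eq 0) {
    Write-Warning "$ExpectedVendor is not registered with Security Center."
}
if ($unexpected.Count -gt 0) {
    $names = ($unexpected.displayName | Sort-Object -Unique) -join ', '
    Write-Warning "Other vendors still registered: $names"
}
if ($expected.Count -gt 0 -and $unexpected.Count -eq 0 -and $leftovers.Count -eq 0) {
    "OK: $ExpectedVendor is the only registered vendor and no '$OldVendor' programs remain."
}
```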

 
