How to Install the Falcon Agent
The greatest minds in cybersecurity are at Fal.Con in Las Vegas, Sept. 18-21.
Register now to build skills at hands-on workshops and learn from skilled threat hunters.
In this document and video, you’ll see how the CrowdStrike Falcon® agent is installed on an individual system and then validated in the Falcon management interface. If you’d like to get access to the CrowdStrike Falcon® Platform, get started today with the Free Trial.
Additional installation guides for Mac and Linux are also available:
Step 1: Activate the account
After purchasing CrowdStrike Falcon® or starting a product trial, look for the following email to begin the activation process.
The activation process includes:
- Setting up a password
- Establishing a method for 2-factor authentication
In a Chrome browser go to your Falcon console URL (Google Chrome is the only supported browser for the Falcon console).
The URL depends on which cloud your organization uses. If you’re not sure, refer to the initial setup instructions sent by CrowdStrike.
In Google Chrome:
Enter your credentials on the login screen.
On the next screen, enter your 2FA token. The first time you sign in, you’re prompted to set up a 2FA token. Common 2FA providers include Duo Mobile, winauth, JAuth, and GAuth Authenticator.
For instructions about setting up roles and permissions, as well as instructions about resetting a password or 2FA, see Users and Roles.
The password screen appears first, followed by the screen where you select a method of 2-factor authentication.
Step 2: Download and install the agent
Upon verification, the Falcon UI will open to the Activity App. Click the “Download Sensor” button
The downloads page consists of the latest available sensor versions. Select the correct sensor version for your OS by clicking on the download link to the right. At the top of the downloads page is a Customer ID, you will need to copy this value as it is used later in the install process.
Next, obtain admin privileges. Run the installer for your platform. When prompted, accept the end user license agreement and click “INSTALL.”
Step 3: Confirm that the sensor is running
Unlike legacy endpoint security products, Falcon does not have a user interface on the endpoint. There are no icons in the Windows System Tray or on any status or menu bars.
From the windows command prompt, run the following command to ensure that “STATE” is “RUNNING”: $ sc query csagent
Step 4: Verify sensor visibility in the cloud
Finally, verify that newly installed agent in the Falcon UI. To view a complete list of newly installed sensors in the past 24 hours, go to https://falcon.crowdstrike.com/login/.
Navigate to: Events App > Sensors > Newly Installed Sensors
The hostname of your newly installed agent will appear on this list within five minutes of installation. If you don’t see your host listed, read through the Sensor Deployment Guide for your platform to troubleshoot connectivity issues.
The resulting actions mean Falcon is active, an agent is deployed and verified, and the system can be seen in the Falcon UI.
- CrowdStrike 15-Day Free Trial
- CrowdStrike Tech Center
- Request a 1:1 Demo
- Guide to AV Replacement
- CrowdStrike Products