Back to Tech Center

How to Install the Falcon Agent

CrowdStrike Tech Center

The greatest minds in cybersecurity are at Fal.Con in Las Vegas, Sept. 18-21.

Register now to build skills at hands-on workshops and learn from skilled threat hunters.

Introduction

In this document and video, you’ll see how the CrowdStrike Falcon® agent is installed on an individual system and then validated in the Falcon management interface.  If you’d like to get access to the CrowdStrike Falcon® Platform, get started today with the Free Trial.

Additional installation guides for Mac and Linux are also available:

Linux: How to install the Falcon Sensor on Linux

Mac: How to install the Falcon Sensor on Mac

Video

Installation Steps

Step 1: Activate the account

After purchasing CrowdStrike Falcon® or starting a product trial, look for the following email to begin the activation process.

Gettings started letter from Crowdstrike

The activation process includes:

  1. Setting up a password
  2. Establishing a method for 2-factor authentication

In a Chrome browser go to your Falcon console URL (Google Chrome is the only supported browser for the Falcon console).

The URL depends on which cloud your organization uses. If you’re not sure, refer to the initial setup instructions sent by CrowdStrike.

In Google Chrome:

  1. Enter your credentials on the login screen.

    First time sign-in

  2. On the next screen, enter your 2FA token. The first time you sign in, you’re prompted to set up a 2FA token. Common 2FA providers include Duo Mobile, winauth, JAuth, and GAuth Authenticator.

For instructions about setting up roles and permissions, as well as instructions about resetting a password or 2FA, see Users and Roles.

The password screen appears first, followed by the screen where you select a method of 2-factor authentication.

Step 2: Download and install the agent

Upon verification, the Falcon UI will open to the Activity App.  Click the “Download Sensor” button

First Sensor Install

The downloads page consists of the latest available sensor versions.  Select the correct sensor version for your OS by clicking on the download link to the right. At the top of the downloads page is a Customer ID, you will need to copy this value as it is used later in the install process.

sensor dl page v3

 

Next, obtain admin privileges. Run the installer for your platform. When prompted, accept the end user license agreement and click “INSTALL.”

Install screen

Linux: How to install the Falcon Sensor on Linux

Mac: How to install the Falcon Sensor on Mac

Step 3: Confirm that the sensor is running

Unlike legacy endpoint security products, Falcon does not have a user interface on the endpoint. There are no icons in the Windows System Tray or on any status or menu bars.

From the windows command prompt, run the following command to ensure that “STATE” is “RUNNING”: $ sc query csagent

Step 4: Verify sensor visibility in the cloud

Finally, verify that newly installed agent in the Falcon UI. To view a complete list of newly installed sensors in the past 24 hours, go to https://falcon.crowdstrike.com/login/.

Navigate to: Events App > Sensors > Newly Installed Sensors

The hostname of your newly installed agent will appear on this list within five minutes of installation. If you don’t see your host listed, read through the Sensor Deployment Guide for your platform to troubleshoot connectivity issues.

Conclusion

The resulting actions mean Falcon is active, an agent is deployed and verified, and the system can be seen in the Falcon UI.

More resources

 

Related Content