CrowdStrike Falcon® Free Trial Guide FAQ

CrowdStrike Falcon® Prevent next-generation antivirus (NGAV), threat intelligence, device control, and firewall management are automatically included in the trial.

The CrowdStrike Falcon® platform supports Windows, Mac and Linux operating systems.

Supported Windows 64-bit servers:

Server 2022
Server Core 2022
Server 2019
Server Core 2019
Server 2016
Server Core 2016
Server 2012 R2
Storage Server 2012 R2
Server 2012
Server 2008 R2 SP1

Supported Windows OS:

Windows 11
Windows 10
Windows 8.1
Windows 7 SP1
Windows 7 Embedded POS Ready

Supported macOS:

macOS Ventura 13.0
macOS Monterey 12.0
macOS Big Sur 11.0

Supported Linux OS:

CrowdStrike supports these x86_64 versions of these Linux server OSs:

x86_64, Graviton 64, and s390x zLinux versions of these Linux server OSs:

x86_64
Alma Linux

9.0: sensor version 6.41.13804 and later
8.6: sensor version 6.41.13803 and later
8.5: sensor version 6.33.13003 and later
8.4: sensor version 6.29.12606 and later

Amazon Linux 2
Amazon Linux AMI

2018.03
2017.09

CentOS

8.5: sensor version 6.33.13003 and later
8.4: sensor version 6.24.12104 and later
8.3
8.2: sensor version 5.34.9917 and later
8.1: sensor version 5.27.9101 and later
8.0
7.9: sensor version 5.43.10803 and later
7.8: sensor version 5.30.9510 and later
7.4 - 7.7
6.7 - 6.10

Debian

11: sensor version 6.34.13108 and later
10: sensor version 6.20.11711 and later
9.1-9.4: sensor version 5.33.9804 and later

Oracle Linux

Oracle Linux 9 - UEK7
Oracle Linux 8 - UEK 6
Oracle Linux 7 - UEK 6: sensor version 6.19.11610 and later
Oracle Linux 7 - UEK 3, 4, 5
Oracle Linux 6 - UEK 3, 4
Red Hat Compatible Kernels (supported RHCK kernels are the same as for RHEL)

Red Hat Enterprise Linux CoreOS (RHCOS) Note: For DaemonSet deployment only.

4.11: sensor version 6.46.14306 and later
4.10: sensor version 6.46.14306 and later
4.9: sensor version 6.39.13601 and later
4.8: sensor version 6.39.13601 and later
4.7: sensor version 6.39.13601 and later

Red Hat Enterprise Linux (RHEL)

9.0: sensor version 6.41.13804 and later
8.7: sensor version 6.48.14504 and later
8.6: sensor version 6.41.13803 and later
8.5: sensor version 6.33.13003 and later
8.4: sensor version 6.24.12104 and later
8.3
8.2: sensor version 5.34.9917 and later
8.1: sensor version 5.27.9101 and later
8.0
7.9: sensor version 5.43.10803 and later
7.8: sensor version 5.30.9510 and later
7.4 - 7.7
6.7 - 6.10

Rocky Linux

9.0: sensor version 6.41.13804 and later
8.6: sensor version 6.41.13803 and later
8.5: sensor version 6.33.13003 and later
8.4: sensor version 6.29.12606 and later

SUSE Linux Enterprise (SLES)

15 - 15.4. SLES 15 SP4: sensor version 6.47.14408 and later
12.2 - 12.5. SLES 12 SP5: sensor version 5.27.9101 and later
11.4: you must also install OpenSSL version 1.0.1e or later

OpenSuse LEAP

15.4: sensor version 6.47.14408 and later
15.3: sensor version 6.39.13601 and later
Note: Supported kernels are the same as SLES 15 SP3 and SLES 15 SP4

Ubuntu

22.04 LTS: sensor version 6.41.13803 and later
20.04 LTS: sensor version 5.43.10807 and later
18-AWS
18.04 LTS
16-AWS
16.04 LTS and 16.04.5 LTS
14.04 LTS

Graviton

Alma Linux ARM64

8.7 ARM64: sensor version 6.48.14504 and later
8.6 ARM64: sensor version 6.43.14005 and later
8.5 ARM64: sensor version 6.41.13803 and later

Amazon Linux 2
CentOS ARM64

8.5 ARM64: sensor version 6.41.13803 and later
Red Hat Enterprise Linux (RHEL) ARM64
8.7 ARM64: sensor version 6.48.14504 and later
8.6 ARM64: sensor version 6.43.14005 and later
8.5 ARM64: sensor version 6.41.13803 and later

Rocky Linux ARM64

8.7 ARM64: sensor version 6.48.14504 and later
8.6 ARM64: sensor version 6.43.14005 and later
8.5 ARM64: sensor version 6.41.13803 and later

Ubuntu

20.04 AWS: sensor version 6.47.14408 and later
20.04 LTS: sensor version 6.44.14107 and later
18.04 LTS: sensor version 6.44.14107 and later
s390x zLinux

Red Hat Enterprise Linux (RHEL)

Red Hat 7.7, 7.8, 7.9
Red Hat 8.0, 8.1, 8.2, 8.3, 8.4, 8.5

The CrowdStrike Falcon platform is optimized for Google Chrome.

CrowdStrike Falcon is a 100% cloud-based solution, offering security as a service (SaaS) to customers. Once you’ve deployed the sensor onto the endpoint, your endpoint is protected online and offline — 24/7.

Any existing solutions should be uninstalled before you begin your trial. The CrowdStrike Falcon trial is pre-configured to the highest security setting for your protection and will work optimally if it is the only AV solution on your endpoints. If you need assistance, contact the Trial Team at falcontrial@crowdstrike.com.

The CrowdStrike Falcon® sensor is lightweight and only needs to be deployed once. It uses less than 1% of CPU. Updates are automatic and the sensor works online and offline.

Open the console menu. In the bottom right hand corner, you can find our Trial Resource Center. Select View Guides and then choose the correct guide for your operating system. Follow the appropriate guide instructions to deploy the Falcon sensor onto your endpoint(s).

Open the console menu. Select Host setup and management → Host dashboard. There are three sample hosts. You should see a host corresponding to the endpoint on which the sensor was just installed.

You can also use step-by-step guides to test if the deployment worked for Windows or Mac operating systems. Open the console menu. In the bottom right hand corner, select the Trial Resource Center → View Guides → Windows First Detection or Mac First Detection.

Once you have logged into your trial, open the console menu and select Host setup and management → Falcon users → User management. Here, you can add users and manage their roles in the trial.

You can also use a step-by-step guide to help you. Open the console menu. In the bottom right hand corner, select Trial Resource Center → View Guides → Add Team Member.

There are four CrowdStrike Falcon modules automatically included in the trial: Falcon Prevent, CrowdStrike Falcon® Intelligence automated threat intelligence, CrowdStrike Falcon® Device Control and CrowdStrike Falcon® Firewall Management. There are eight additional modules you can enable to customize your trial experience: CrowdStrike Falcon® Insight XDR, CrowdStrike Falcon® Horizon cloud security posture management, CrowdStrike Falcon® Sandbox malware analysis, CrowdStrike Falcon® Discover IT hygiene, CrowdStrike Falcon® Spotlight vulnerability management, CrowdStrike Falcon® Forensics forensic cybersecurity and CrowdStrike Falcon® for Mobile.

To test individual modules, open the console menu, select CrowdStrike Store → CrowdStrike Apps → Select your desired module → Try it for free. Note that some modules require another module to function properly. You can see dependencies for each module on the page under Falcon Requirements. It may take up to 30 minutes for all modules to become fully functional.

Yes. The CrowdStrike Falcon Prevent module is a fully certified AV replacement solution and allows organizations to confidently replace their existing legacy AV.

Falcon Prevent incorporates identification and prevention of known malware, machine learning for unknown malware, exploit blocking and advanced Indicator of Attack (IOA) behavioral techniques to protect against attacks whether your endpoints are online or offline. Falcon Prevent also features integration with Windows System Center, for organizations that need to prove compliance with appropriate regulatory requirements.

Yes. As long as the lightweight sensor has been installed, it will use prevention technologies to protect your endpoints whether they are online or offline. The technologies include machine learning to protect against known and zero-day malware, exploit blocking, hash blocking and CrowdStrike’s behavioral artificial intelligence heuristic algorithms, known as indicators of attack (IOAs).

Falcon Prevent uses an array of complementary prevention and detection methods to protect against ransomware:

Blocking of known ransomware
Exploit blocking to stop the execution and spread of ransomware via unpatched vulnerabilities
Machine learning for detection of previously unknown “zero-day” ransomware
Indicators of attack (IOAs) through behavioral analysis to identify and block additional unknown ransomware, as well as new categories of ransomware that do not use files to encrypt victims’ data

Yes, Falcon Prevent offers powerful and comprehensive prevention capabilities. Falcon Prevent can stop execution of malicious code, block zero-day exploits, kill processes and contain command-and-control callbacks.

No. CrowdStrike Falcon delivers next-generation endpoint protection via the cloud — a key element of “next-gen” is reducing overhead, friction and cost in protecting your environment. There is no on-premises equipment to be maintained, managed or updated. The Falcon sensor is unobtrusive in terms of endpoint system resources and updates are seamless, requiring no reboots. The Falcon web-based management console provides an intuitive and informative view of your complete environment.

A red banner at the top of the platform will indicate the number of days left in your free trial. At the end of this period, access to the CrowdStrike Falcon UI will be terminated. However, if you’d like to extend your time or have additional questions, you can contact the Trial Team at falcontrial@crowdstrike.com.

Log in to your CrowdStrike account
Select Host management and setup → Sensor downloads → Tool Downloads
Download the installation tool that corresponds with your OS
You will need your “maintenance token” to validate the approval to uninstall
Navigate to Host setup and management and select the Host that you want to remove. A sidebar will open. Click on Reveal maintenance token to obtain the single-use maintenance token needed to uninstall the sensor.

CROWDSTRIKE FALCON® FREE TRIAL FAQ

CONTACT THE TRIAL TEAM FOR ASSISTANCE