CrowdStrike Falcon® Prevent next-generation antivirus (NGAV), threat intelligence, device control, and firewall management are automatically included in the trial.

The CrowdStrike Falcon® platform supports Windows, Mac and Linux operating systems.

Supported Windows 64-bit servers:

• Server 2022
• Server Core 2022
• Server 2019
• Server Core 2019
• Server 2016
• Server Core 2016
• Server 2012 R2
• Storage Server 2012 R2
• Server 2012
• Server 2008 R2 SP1

Supported Windows OS:

• Windows 11
• Windows 10
• Windows 7 SP1
• Windows 7 Embedded POS Ready

Supported macOS:

• macOS Sonoma 14
• macOS Ventura 13.0
• macOS Monterey 12.0
• macOS Big Sur 11.0

Supported Linux OS:

CrowdStrike supports these x86_64 versions of these Linux server OSs:

• x86_64, Graviton 64, and s390x zLinux versions of these Linux server OSs:
• x86_64
• Alma Linux
• 9.1: sensor version 7.02.15705 and later
• 9.0: sensor version 6.41.13804 and later
• 8.6: sensor version 6.41.13803 and later
• 8.5: sensor version 6.33.13003 and later
• 8.4: sensor version 6.29.12606 and later
• Amazon Linux 2
• Amazon Linux AMI
• 2018.03
• 2017.09
• CentOS
• 8.5: sensor version 6.33.13003 and later
• 8.4: sensor version 6.24.12104 and later
• 8.3
• 8.2: sensor version 5.34.9917 and later
• 8.1: sensor version 5.27.9101 and later
• 8.0
• 7.9: sensor version 5.43.10803 and later
• 7.8: sensor version 5.30.9510 and later
• 7.4 - 7.7
• 6.7 - 6.10
• Debian
• 11: sensor version 6.34.13108 and later
• 10: sensor version 6.20.11711 and later
• 9.1-9.4: sensor version 5.33.9804 and later
• Oracle Linux
• Oracle Linux 9 - UEK7
• Oracle Linux 8 - UEK 6
• Oracle Linux 7 - UEK 6: sensor version 6.19.11610 and later
• Oracle Linux 7 - UEK 3, 4, 5
• Oracle Linux 6 - UEK 3, 4
• Red Hat Compatible Kernels (supported RHCK kernels are the same as for RHEL)
• Red Hat Enterprise Linux CoreOS (RHCOS) Note: For DaemonSet deployment only.
• 4.12: sensor version 6.54.15110 and later
• 4.11: sensor version 6.46.14306 and later
• 4.10: sensor version 6.46.14306 and later
• 4.9: sensor version 6.39.13601 and later
• 4.8: sensor version 6.39.13601 and later
• 4.7: sensor version 6.39.13601 and later
• Red Hat Enterprise Linux (RHEL)
• 9.1: sensor version 7.02.15705 and later
• 9.0: sensor version 6.41.13804 and later
• 8.7: sensor version 6.48.14504 and later
• 8.6: sensor version 6.41.13803 and later
• 8.5: sensor version 6.33.13003 and later
• 8.4: sensor version 6.24.12104 and later
• 8.3
• 8.2: sensor version 5.34.9917 and later
• 8.1: sensor version 5.27.9101 and later
• 8.0
• 7.9: sensor version 5.43.10803 and later
• 7.8: sensor version 5.30.9510 and later
• 7.4 - 7.7
• 6.7 - 6.10
• Rocky Linux
• 9.1: sensor version 7.02.15705 and later
• 9.0: sensor version 6.41.13804 and later
• 8.6: sensor version 6.41.13803 and later
• 8.5: sensor version 6.33.13003 and later
• 8.4: sensor version 6.29.12606 and later
• SUSE Linux Enterprise (SLES)
• 15 - 15.4. SLES 15 SP4: sensor version 6.47.14408 and later
• 12.2 - 12.5. SLES 12 SP5: sensor version 5.27.9101 and later
• 11.4: you must also install OpenSSL version 1.0.1e or later
• OpenSuse LEAP
• 15.4: sensor version 6.47.14408 and later
• 15.3: sensor version 6.39.13601 and later
• Note: Supported kernels are the same as SLES 15 SP3 and SLES 15 SP4
• Ubuntu
• 22.04 LTS: sensor version 6.41.13803 and later
• 20.04 LTS: sensor version 5.43.10807 and later
• 18-AWS
• 18.04 LTS
• 16-AWS
• 16.04 LTS and 16.04.5 LTS
• 14.04 LTS
• Graviton
• Alma Linux ARM64
• 9.1 ARM64: sensor version 7.02.15705 and later
• 9.0 ARM64: sensor version 6.51.14810 and later
• 8.7 ARM64: sensor version 6.48.14504 and later
• 8.6 ARM64: sensor version 6.43.14005 and later
• 8.5 ARM64: sensor version 6.41.13803 and later
• Amazon Linux 2
• Note: Supports DaemonSet deployments
• CentOS ARM64
• 8.5 ARM64: sensor version 6.41.13803 and later
• Red Hat Enterprise Linux (RHEL) ARM64
• 9.1 ARM64: sensor version 7.02.15705 and later
• 9.0 ARM64: sensor version 6.51.14810 and later
• 8.7 ARM64: sensor version 6.48.14504 and later
• 8.6 ARM64: sensor version 6.43.14005 and later
• 8.5 ARM64: sensor version 6.41.13803 and later
• Rocky Linux ARM64
• 9.1 ARM64: sensor version 7.02.15705 and later
• 9.0 ARM64: sensor version 6.51.14810 and later
• 8.7 ARM64: sensor version 6.48.14504 and later
• 8.6 ARM64: sensor version 6.43.14005 and later
• 8.5 ARM64: sensor version 6.41.13803 and later
• Ubuntu
• 20.04 AWS: sensor version 6.47.14408 and later
• 20.04 LTS: sensor version 6.44.14107 and later
• 18.04 LTS: sensor version 6.44.14107 and later
• s390x zLinux
• Red Hat Enterprise Linux (RHEL)
• 8.8: sensor version 6.57.15402 and later
• 8.7: sensor version 6.53.15003 and later
• 8.0 - 8.6: sensor version 6.49.14606 and later
• 7.7 - 7.9: sensor version 6.49.14606 and later

• SUSE Enterprise Linux (SLES):
• 15 SP4: sensor version 6.57.15402 and later
• 15 SP3: sensor version 6.57.15402 and later
• 15 SP2: sensor version 6.57.15402 and later
• 15 SP1: sensor version 6.57.15402 and later
• 15: sensor version 6.57.15402 and later
• 12 SP5: sensor version 6.54.15110 and later
• 12 SP4: sensor version 6.54.15110 and later
• 12 SP3: sensor version 6.54.15110 and later
• 12 SP2: sensor version 6.54.15110 and later
• 12 SP1: sensor version 6.54.15110 and later

• Ubuntu
• 22 LTS: sensor version 7.01.15604 and later
• 20 LTS: sensor version 6.58.15508 and later
• 18 LTS: sensor version 6.58.15508 and later

Docker is supported on the following Linux OSes only:

• Amazon Linux 2 - LNX 5.26.9003+ required
• x86_64: sensor version 5.26.9003 and later
• Graviton: sensor version 5.34.9717 and later
• Amazon Linux 2018.03
• CentOS7 and RHEL 7
• CentOS 7.9/RHEL 7.9: sensor version 5.43.10803
• CentOS 7.8/RHEL 7.8: sensor version 5.30.9510 and later
• Debian 9.1-9.4: sensor version 5.33.9804 and later
• Ubuntu
• Ubuntu 20.04: sensor version 5.43.10807 and later
• Ubuntu 18.04: sensor version 5.27.9101 and later
• Ubuntu 16.04
• Ubuntu 14.04
• SUSE Linux Enterprise (SLES)
• SLES 15: sensor version 5.26.9003
• SLES 12
• SLES 12 SP5: sensor version 5.28.9205 and later
• SLES 12 SP4
• SLES 12 SP3

Supported container runtimes:

• Docker
• CRI-O
• containerd

The CrowdStrike Falcon platform is optimized for Google Chrome.

CrowdStrike Falcon is a 100% cloud-based solution, offering security as a service (SaaS) to customers. Once you’ve deployed the sensor onto the endpoint, your endpoint is protected online and offline — 24/7.

Any existing solutions should be uninstalled before you begin your trial. The CrowdStrike Falcon trial is pre-configured to the highest security setting for your protection and will work optimally if it is the only AV solution on your endpoints. If you need assistance, contact the Trial Team at falcontrial@crowdstrike.com.

The CrowdStrike Falcon® sensor is lightweight and only needs to be deployed once. It uses less than 1% of CPU. Updates are automatic and the sensor works online and offline.

Open the console menu. In the bottom right hand corner, you can find our Trial Resource Center. Select View Guides and then choose the correct guide for your operating system. Follow the appropriate guide instructions to deploy the Falcon sensor onto your endpoint(s).

Open the console menu. Select Host setup and management → Host dashboard. There are three sample hosts. You should see a host corresponding to the endpoint on which the sensor was just installed.

You can also use step-by-step guides to test if the deployment worked for Windows or Mac operating systems. Open the console menu. In the bottom right hand corner, select the Trial Resource Center → View Guides → Windows First Detection or Mac First Detection.

Once you have logged into your trial, open the console menu and select Host setup and management → Falcon users → User management. Here, you can add users and manage their roles in the trial.

You can also use a step-by-step guide to help you. Open the console menu. In the bottom right hand corner, select Trial Resource Center → View Guides → Add Team Member.

There are four CrowdStrike Falcon modules automatically included in the trial: Falcon Prevent, CrowdStrike Falcon® Intelligence automated threat intelligence, CrowdStrike Falcon® Device Control and CrowdStrike Falcon® Firewall Management. There are eight additional modules you can enable to customize your trial experience: CrowdStrike Falcon® Insight XDR, CrowdStrike Falcon® Horizon cloud security posture management, CrowdStrike Falcon® Sandbox malware analysis, CrowdStrike Falcon® Discover IT hygiene, CrowdStrike Falcon® Spotlight vulnerability management, CrowdStrike Falcon® Forensics forensic cybersecurity and CrowdStrike Falcon® for Mobile.

To test individual modules, open the console menu, select CrowdStrike Store → CrowdStrike Apps → Select your desired module → Try it for free. Note that some modules require another module to function properly. You can see dependencies for each module on the page under Falcon Requirements. It may take up to 30 minutes for all modules to become fully functional.

Yes. The CrowdStrike Falcon Prevent module is a fully certified AV replacement solution and allows organizations to confidently replace their existing legacy AV.

Falcon Prevent incorporates identification and prevention of known malware, machine learning for unknown malware, exploit blocking and advanced Indicator of Attack (IOA) behavioral techniques to protect against attacks whether your endpoints are online or offline. Falcon Prevent also features integration with Windows System Center, for organizations that need to prove compliance with appropriate regulatory requirements.

Yes. CrowdStrike Falcon can help organizations in their efforts to meet numerous compliance and certification requirements. Falcon has received third-party validation for the following regulations: PCI DSS v4.0 | HIPAA | NIST | FFIEC | PCI Forensics | NSA-CIRA | SOC 2 | CSA-STAR | AMTSO | AV-Comparatives.

Yes. As long as the lightweight sensor has been installed, it will use prevention technologies to protect your endpoints whether they are online or offline. The technologies include machine learning to protect against known and zero-day malware, exploit blocking, hash blocking and CrowdStrike’s behavioral artificial intelligence heuristic algorithms, known as indicators of attack (IOAs).

Falcon Prevent uses an array of complementary prevention and detection methods to protect against ransomware:

• Blocking of known ransomware
• Exploit blocking to stop the execution and spread of ransomware via unpatched vulnerabilities
• Machine learning for detection of previously unknown “zero-day” ransomware
• Indicators of attack (IOAs) through behavioral analysis to identify and block additional unknown ransomware, as well as new categories of ransomware that do not use files to encrypt victims’ data

Yes, Falcon Prevent offers powerful and comprehensive prevention capabilities. Falcon Prevent can stop execution of malicious code, block zero-day exploits, kill processes and contain command-and-control callbacks.

No. CrowdStrike Falcon delivers next-generation endpoint protection via the cloud — a key element of “next-gen” is reducing overhead, friction and cost in protecting your environment. There is no on-premises equipment to be maintained, managed or updated. The Falcon sensor is unobtrusive in terms of endpoint system resources and updates are seamless, requiring no reboots. The Falcon web-based management console provides an intuitive and informative view of your complete environment.

A red banner at the top of the platform will indicate the number of days left in your free trial. At the end of this period, access to the CrowdStrike Falcon UI will be terminated. However, if you’d like to extend your time or have additional questions, you can contact the Trial Team at falcontrial@crowdstrike.com.

• Log in to your CrowdStrike account
• Select Host management and setup → Sensor downloads → Tool Downloads
• Download the installation tool that corresponds with your OS
• You will need your “maintenance token” to validate the approval to uninstall
• Navigate to Host setup and management and select the Host that you want to remove. A sidebar will open. Click on Reveal maintenance token to obtain the single-use maintenance token needed to uninstall the sensor.