Falcon supports Windows, Mac and Linux operating systems. Supported Windows OS:
- Windows 7 SP1 x86 and x64
- Windows 7 Embedded (available from sensor build 2.28.5012)
- Windows 10, Windows 10 Anniversary Build, Windows 10 Creators Update
- Windows Server 2008 R2 SP1 x64 (OS available as x64 only)
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
- MacOS Monterey 12.0 and later
- MacOS Big Sur 11.0 and later
- MacOS Catalina 10.15
Supported Linux OS: We support these x86_64 versions of these Linux server OSes:
- Alma Linux
- Amazon Linux 2
- Amazon Linux AMI
- 8.0 – 8.5
- 7.4 – 7.9
- 6.7 – 6.10
- Oracle Linux
- Oracle Linux 6 - UEK 3, 4
- Oracle Linux 7 - UEK 3, 4, 5
- Red Hat Compatible Kernels (supported RHCK kernels are the same as for RHEL)
- Red Hat Enterprise Linux (RHEL)
- Rocky Linux
- SUSE Linux Enterprise (SLES)
- 12.2 – 12.5
- 20.04 LTS
- 20.04 AWS
- 20.04 GCP
- 18 AWS
- 18 GCP
- 18.04 LTS
- 16.04 LTS
- Additional Linux Support
- AWS ARM-based Graviton Processors
- Amazon Linux 2
The CrowdStrike Falcon Platform is optimized for Google Chrome.
CrowdStrike Falcon is a 100 percent cloud-based solution, offering Security as a Service (SaaS) to customers. Falcon requires no servers or controllers to be installed, freeing you from the cost and hassle of managing, maintaining and updating on-premises software or equipment.
Any existing solutions should be uninstalled before you begin your Trial. The CrowdStrike Falcon Trial is pre-configured to the highest security setting for your protection and will work optimally if it is the only AV solution on your endpoints. If you need assistance, contact the Trial Team.
The CrowdStrike Falcon agent is a lightweight sensor that only needs to be installed, or deployed, onto an endpoint one time without a need for reinstallation. It uses less than 1% of CPU as it scans your endpoints for suspicious activity and allows you to monitor and manage your endpoint from the Falcon Platform. Updates are automatic and the sensor works online and off.
Open the console menu. Select Host management and setup → Host dashboard. There are three sample hosts. You should see a host corresponding to the endpoint where the sensor was just installed — that indicates the installation worked.
Once you have logged into your Trial, open the console menu and select Host setup and management → Falcon users → User management. Here, you can add users and manage their roles in the trial.
There are four modules automatically included in the Trial: Falcon Prevent, Falcon X, Falcon Device Control and Falcon Firewall Management. There are eight additional modules you can enable to customize your Trial experience, including: Falcon Insight, Falcon Horizon, Falcon Sandbox, Falcon Discover, Falcon Spotlight, Falcon Forensics and Falcon for Mobile.
To test individual modules, open the console menu, select CrowdStrike Store → CrowdStrike Apps. Choose the module you want to test, then click Try it for free. Note that some modules require another module to function properly. You can see dependencies for each module on the page under Falcon Requirements. It may take up to 30 minutes for all modules to become fully functional.
Yes. The CrowdStrike Falcon Prevent module is a fully certified AV replacement solution and allows organizations to confidently replace their existing legacy AV.
Falcon Prevent incorporates identification and prevention of known malware, machine learning for unknown malware, exploit blocking and advanced Indicator of Attack (IOA) behavioral techniques to protect against attacks whether your endpoints are online or offline. Falcon Prevent also features integration with Windows System Center, for organizations who need to prove compliance with appropriate regulatory requirements.
Yes. CrowdStrike Falcon can help organizations in their efforts to meet numerous compliance and certification requirements. Falcon has received third-party validation for the following regulations: PCI DSS v3.2 | HIPAA | NIST | FFIEC | PCI Forensics | NSA-CIRA | SOC 2 | CSA-STAR | AMTSO | AV Comparatives.
Yes. As long as the lightweight sensor has been installed, it will use prevention technologies to protect your endpoints whether they are online or offline. Those technologies include machine learning to protect against known and zero-day malware, exploit blocking, hash blocking and CrowdStrike’s behavioral artificial intelligence heuristic algorithms, known as Indicators of Attack (IOAs).
Falcon Prevent uses an array of complementary prevention and detection methods to protect against ransomware:
- Blocking of known ransomware
- Exploit blocking to stop the execution and spread of ransomware via unpatched vulnerabilities
- Machine learning for detection of previously unknown “zero-day” ransomware
- Indicators of Attack (IOAs) through behavioral analysis to identify and block additional unknown ransomware, as well as new categories of ransomware that do not use files to encrypt victims’ data
Yes, Falcon Prevent offers powerful and comprehensive prevention capabilities. Falcon Prevent can stop execution of malicious code, block zero-day exploits, kill processes and contain command and control callbacks.
No. CrowdStrike Falcon delivers next-generation endpoint protection via the cloud — a key element of “next gen” is reducing overhead, friction and cost in protecting your environment. There is no on-premises equipment to be maintained, managed or updated. The Falcon sensor is unobtrusive in terms of endpoint system resources and updates are seamless, requiring no re-boots. The Falcon web-based management console provides an intuitive and informative view of your complete environment.
A red banner at the top of the platform will indicate the number of days left in your free Trial. At the end of this period, access to the CrowdStrike Falcon UI will be terminated. However, if you’d like to extend your time or have additional questions, you can contact the Trial Team.
- Log in to your CrowdStrike account
- Select Host management and setup → Sensor downloads → Tool Downloads
- Download the installation tool that corresponds with your OS
- After downloading you will need your “maintenance token” to validate the approval to uninstall
- Navigate to Hosts management and setup and select the Host that you want to remove. A sidebar will open. Click on Reveal maintenance token to obtain the single-use maintenance token needed to uninstall the sensor.