INSTALLATION GUIDE

The installation process is the same whether you are installing on a workstation, server, laptop, virtual instances on-premise or virtual instances in the cloud.

Step-by-step instructions

Estimated Time

10 minutes

Requirements

Typical device, Mac or Windows OS and Google Chrome browser

Before you begin, be sure to uninstall your existing AV solution.

An approved trial is required in order to utilize this guide. If you have not registered yet please do so here.

Windows

1. Download and install the Falcon sensor


  • Navigate to the Sensor Downloads page.
  • Copy the Customer ID checksum (you’ll need to enter this value when installing).
  • Click the Download button.

  • Run the downloaded installer on the target computer to begin the installation process.
  • Accept the license agreement and paste the customer ID checksum you copied earlier.
  • Click Install to continue.

Falcon keeps a low profile: it does not show a system tray icon on Windows or appear as an application on Mac. You can confirm that your newly installed sensor is running and has connected to the cloud via the Falcon interface.

2. Verify the sensor installation in the Falcon interface


  • In the Falcon interface, go to Hosts > Host Management.

  • Verify that you see the test computer’s hostname listed. The Prevention Policy column should show platform_default as the assigned policy.
  • In some cases, it might take a few minutes before you see your host; refresh the page if needed.

3. Verify registered AV


Within Windows, you can verify that Falcon Prevent is the active anti-virus product for the system.

  • Locate the Security and Maintenance section of the Windows Control Panel.
  • Depending on your version of Windows, it may be easiest to search for Security and maintenance.
  • Review the Security Section. You may need to dismiss existing notifications and/or expand the Security Section in order to locate the Virus protection section.
  • Confirm that CrowdStrike Falcon is listed under Virus protection.

This step does not apply to Windows Server installations: Windows Server does not feature a control panel module that shows virus protection status.

4. Adding team members (optional)


  • If you would like to add additional team members to your account, you can do so under the User Management section.
  • Click the plus sign in the top right corner and complete the user’s information and select their role.

You can only add users with the same email domain as the one you used to register for the trial. If you need to add additional email domains you can do so after purchasing.

  • After clicking add user you should see this new user under Users.


Mac

1. Download and install the Falcon sensor


  • Navigate to the Sensor Downloads page.
  • Copy the Customer ID checksum (you’ll need to enter this value when installing).
  • Click the Download button.

  • Run the sensor installer on your device in one of these ways: double-click the .pkg file, or
    run this command at a terminal, replacing <installer_package> with the path and file name of your installer package:
    sudo installer -verboseR -package <installer_package> -target /
  • When prompted, enter your computer’s administrator credentials.
  • Review the Security Section. You may need to dismiss existing notifications and/or expand the Security Section

macOS 10.13 High Sierra and later: Apple requires kernel extensions to be approved before being loaded. We recommend that you use Apple’s MDM to approve the com.crowdstrike.sensor kernel extension before installing.

  • Open a terminal and run the command: sudo /Library/CS/falconctl license 0123456789ABCDEFGHIJKLMNOPQRSTUV-WX (replacing 0123456789ABCDEFGHIJKLMNOPQRSTUV-WX with your Customer ID copied earlier)
  • When prompted, enter your local machine’s admin password.
  • After you enter the credentials for installation, you’re prompted to approve the kernel extension from the Security & Privacy pane, as shown below.

If you are using an MDM you can follow the installation process noted in our support portal located here.

  • Approve the Kernel Extension: Open Apple System Preferences > Security & Privacy.

  • Select the General Tab. Click the lock in the lower left corner to unlock the settings.
  • Click Allow next to the message “System software from developer ‘CrowdStrike Inc.’ was blocked from loading.”

2. Grant Full Disk Access


  • Provide full disk access to falcond on the host: Open Apple System Preferences > Security & Privacy.
  • Select the Privacy tab. If privacy settings are locked click the lock icon in the lower-left corner and enter your device password.
  • In the left pane, select Full Disk Access.
  • In the right pane, click the + icon. Navigate to /Library/CS/falcond (use Cmd-Shift-G in dialog to type in path).
  • Click Open. Click Quit Now.
  • Click the lock in the lower-left corner to re-lock privacy settings.

3. Confirm that the sensor is running


  • Run this command at a terminal: sysctl cs

4. Verify sensor visibility in the cloud


  • In the Falcon Interface go to Host Management and verify that you see your hostname listed.
  • The “Prevention Policy” column should show “platform_default” as the assigned policy.
  • In some cases, it might take a few minutes before you see your host fully registered.

5. Generate your first detection


  • To see an example of what a detection alert looks like in Falcon Prevent, run a harmless test command on your computer:
  • Open a terminal
  • Type or copy and paste this command: /bin/echo crowdstrike_sample_detection

  • Switch back to the Falcon Interface and go to Detections to inspect the new alert.
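The terminal commands from the Mac steps above, combined into one pre-flight-checked script. This is an added example, not CrowdStrike code: the function names and the DRY_RUN switch are assumptions, and the Customer ID check is modelled only on the shape of the placeholder shown in this guide.

```sh
#!/bin/sh
# Added example, not CrowdStrike code. Only commands shown in this guide are
# run; the function names and the DRY_RUN switch are assumptions.

# Shape check modelled on the guide's placeholder Customer ID:
# 32 characters, a hyphen, then 2 characters (assumed alphanumeric).
valid_cid() {
  [ "${#1}" -eq 35 ] || return 1
  case "$1" in *[!0-9A-Za-z-]*) return 1 ;; esac
  cid_head=${1%-*}; cid_tail=${1##*-}
  case "$cid_head" in *-*) return 1 ;; esac
  [ "${#cid_head}" -eq 32 ] && [ "${#cid_tail}" -eq 2 ]
}

# Print the privileged commands in the order the guide gives them.
plan_install() {
  printf 'sudo installer -verboseR -package "%s" -target /\n' "$1"
  printf 'sudo /Library/CS/falconctl license %s\n' "$2"
}

# Usage: install_sensor /path/to/installer.pkg CUSTOMER-ID
# DRY_RUN defaults to 1 (print only); set DRY_RUN=0 to execute.
install_sensor() {
  pkg=$1; cid=$2
  valid_cid "$cid" || { echo "Customer ID has unexpected shape" >&2; return 2; }
  case "$pkg" in *.pkg) ;; *) echo "not a .pkg: $pkg" >&2; return 3 ;; esac
  [ -f "$pkg" ] || { echo "installer not found: $pkg" >&2; return 3; }
  if [ "${DRY_RUN:-1}" = 1 ]; then
    plan_install "$pkg" "$cid"
    return 0
  fi
  sudo installer -verboseR -package "$pkg" -target / || return 4
  sudo /Library/CS/falconctl license "$cid" || return 5
  # Step 3 of the guide. Assumption: a non-zero exit from sysctl means the
  # sensor's cs values are absent, so the sensor is not running.
  sysctl cs >/dev/null 2>&1 || { echo "sensor not running" >&2; return 6; }
  # Step 5: harmless test command; the alert appears under Detections.
  /bin/echo crowdstrike_sample_detection
}
```

Kernel extension approval and Full Disk Access remain manual or MDM-driven, so a return code of 6 on first run usually means those approvals are still pending; re-run sysctl cs after granting them.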

TAKE-AWAYS

In this section, you downloaded and installed Falcon Prevent. Did you notice that the sensor was small, took very little time to download, and didn’t require a reboot?

This is because CrowdStrike’s unique architecture allows us to provide all the functionality of a traditional antivirus solution while consuming a fraction of the system resources.

Next, let’s look at the Falcon interface to see how detections will appear.

Was This Section Helpful?

Your feedback is highly appreciated and will help us to improve our ability to serve you and other users of our web sites. Please send feedback about this section of the trial guide to falcontrial@crowdstrike.com.