Host-Based Process Inspection
How To Read
Details of usage and reported results can be found in the About CrowdInspect section of the tool once launched.
How To Install
There is no installer for this tool. Simply unzip the contents of the downloaded ZIP file into a location of your choosing and launch it directly from there. Similarly for uninstalling; simply delete the file(s) you extracted by moving them to the Recycle Bin or permanently deleting them. It is possible there may be a very small number of elements that remain in the Registry. These can be safely ignored or manually deleted by using a registry editing tool (e.g. regedit) and navigating to
HKEY_CURRENT_USERSoftwareCrowdStrike and noting the name of the tool there and removing the branch.
CrowdInspect Software License Agreement
Please read this software license agreement carefully before downloading or using CrowdInspect (the software). By clicking on the “Accept” button, opening the package, downloading the product, or using the equipment that contains this product, you are consenting to be bound by this agreement. If you do not agree to all of the terms of this agreement, click the “Decline” button and the installation process will not continue, and do not otherwise download or install the product.
What Is CrowdInspect?
CrowdInspect is a free community tool for Microsoft Windows systems that helps alert you to the presence of potential malware on your network. It is a host-based process inspection tool utilizing multiple sources of information to detect untrusted or malicious process and network-active applications. Beyond simple network connections, CrowdInspect associates the connection entry with the process that is responsible for that activity. CrowdInspect captures process name, the entry’s process ID number, local port, local IP address, remote port, remote IP address and reverse resolved DNS name of the remote IP address.
CrowdInspect records details of any entry that is associated with a remote IP address and maintains a chronological list of those accessed. You may click the “Live/History” toolbar button to switch between the regular live process window and the network history list window.
Please review our Privacy Notice at
1. Single User License Grant:†
CrowdStrike, Inc. (Company) grants to You (“You”) a nonexclusive and nontransferable license to use the Software in object code form.
EXCEPT AS EXPRESSLY AUTHORIZED ABOVE, YOU SHALL NOT: MODIFY THE SOFTWARE; REVERSE COMPILE OR REVERSE ASSEMBLE ALL OR ANY PORTION OF THE SOFTWARE; OR RENT, LEASE, DISTRIBUTE, SELL, OR CREATE DERIVATIVE WORKS OF THE SOFTWARE.
2. Proprietary Rights.
You agree that aspects of the Software, including the specific design and structure of individual programs and routines, constitute trade secrets and/or copyrighted material of Company. You agree not to disclose, provide, or otherwise make available such trade secrets or copyrighted material in any form to any third party without the prior written consent of Company. You agree to implement reasonable security measures to protect such trade secrets and copyrighted material. Title to Software and documentation shall remain solely with Company.
3. NO WARRANTY.
THE SOFTWARE IS PROVIDED AS IS WITHOUT ANY WARRANTY WHATSOEVER. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE, ARE HEREBY EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW. IN NO EVENT WILL COMPANY OR ITS SUPPLIERS BE LIABLE FOR ANY LOST REVENUE, PROFIT, OR DATA, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL, OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY ARISING OUT OF THE USE OF OR INABILITY TO USE THE SOFTWARE EVEN IF COMPANY OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
4. PRIVACY AND DATA PROTECTION, NO OPT-OUT
THERE IS NO OPT-OUT OPTION AVAILABLE FOR THE INFORMATION COLLECTION AND USE EXPRESSED IN THIS AGREEMENT OTHER THAN UNINSTALLING THE SOFTWARE EXCEPT FOR SPECIFIED FEATURES. BY INSTALLING THE SOFTWARE AND ACCEPTING THESE TERMS, YOU AGREE TO THE COLLECTION, USE, COPYING, BACKUP, AND STORAGE BY COMPANY, ITS SERVICE PROVIDERS, AND OTHER THIRD PARTIES, OF CERTAIN DATA TRANSMITTED IN CONNECTION WITH THE SOFTWARE’S USE.
4.1 WHAT INFORMATION DOES CROWDINSPECT COLLECT AND TRANSMIT TO COMPANY OR OTHER THIRD PARTIES?
CrowdInspect utilizes Company’s and several third party sources of information to determine the reputation of suspected malicious processes by using the file information and the reputation of the domain name to which it is connecting. For each entry discovered and transmitted by CrowdInspect, the Software collects and transmits — and Company may retain and use — the full directory, file name, SHA256 hash, /create/ timestamp of the above; /last accessed/ timestamp; /last write/ timestamp; digital signature information, as well as your connection information. Third party sources that are queried to determine the reputation of the domain name receive, and may retain and use, file hash and domain name information. If enabled, the “unknown file upload” feature will share process-related executable files with a third party threat analyzer, Hybrid Analysis, which makes the file metadata publicly available and allows Hybrid Analysis partners to download the files. Prior to using the “unknown file upload” feature, it is important to consider whether process-related executables running on your machine may include confidential information, such as that sometimes found in custom software.
The data collected and transmitted may change together with changes to the Software’s features, functionality, and user interface, but will not materially vary in kind from the types of information described above without an update to this Agreement. Should the Company significantly change or amend these terms from time to time, it will notify you, either through the user interface, in an email notification, or through other reasonable means, including through the Company’s website. Your use of the Software after the date the change becomes effective will be your consent to the changed terms. If you do not agree to the changes, you must stop using the Software.
5. Term and Termination.
This License is effective until terminated. You may terminate this License at any time by destroying all copies of Software including any documentation. This License will terminate immediately without notice from Company if You fail to comply with any provision of this License. Upon termination, You must destroy all copies of Software.
6. Import Regulation and Export Control.
The Software, including technical data, is subject to U.S. export control laws, including the U.S. Export Administration Act and its associated regulations, and may be subject to export or import regulations in other countries. You agree to comply strictly with all such regulations and acknowledges that You have the responsibility to obtain licenses to export, re-export, or import Software.
7. Governing Law.
This License shall be governed by and construed in accordance with the laws of the State of California, United States of America, as if performed wholly within the state and without giving effect to the principles of conflict of law. If any portion hereof is found to be void or unenforceable, the remaining provisions of this License shall remain in full force and effect. This License constitutes the entire License between the parties with respect to the use of the Software.
8 . Uninstall.
CrowdInspect does not need to be uninstalled. It does not have a separate uninstaller. Instead, all you need to do to remove it is to move it to the Recycle Bin and empty the Recycle Bin or delete it. You may also remove the “HKEY_CURRENT_USER\Software\Crowdstrike\CROWDINSPECT\” registry branch using Regedit or a similar tool.
For technical information on installation, policy configuration and more, please visit the CrowdStrike Tech Center.Visit the Tech Center