Our website uses cookies to enhance your browsing experience.



Deploying Falcon Prevent across your environment is easy, fast and safe. In this section, we provide tips and best practices for rapid deployment of Falcon Prevent, as well as guidance on how to replace your legacy antivirus with Falcon Prevent.

We recommend deploying Falcon Prevent on as many systems as you can. There are some product features that can be tested successfully by running use cases on a small number of systems. However, key use cases like scalability, ease of management and compatibility can only be tested if you deploy the product to a larger group of systems.

Step-by-Step Instructions

Deployment Scenarios

Replace your existing AV - If you are ready to replace your existing AV solution with Falcon Prevent, there is a simple, two step process.

  • 1. Uninstall your existing AV solution.
  • 2. Deploy Falcon Prevent with the default "Prevention" policy.

Running Falcon Prevent in parallel with existing AV - If you are not ready for an immediate change, Falcon Prevent is designed to run safely alongside your existing AV solution. For optimal experience, we recommend using the detect-only mode until the existing AV solution is uninstalled. This maximizes compatibility and also makes it very easy to see and understand the threats that are bypassing the existing AV solution

  • 1. Deploy Falcon Prevent with the default "Detect Only" policy.
  • 2. Uninstall your existing AV solution.
  • 3. In the Falcon UI, move all the systems from the "Detect Only" policy to the "Prevention" policy.

Password Protected Installation

The Falcon sensor allows you to set a password during installation. Once a password has been set on a host, you must provide that password to unload, uninstall, repair, or manually upgrade the Falcon sensor. This feature makes the sensor more tamper resistant.

Below are the steps to install on Mac with password protection.

1. Include the parameter --password when providing the license for the install. In this example, replace 0123456789ABCDEFGHIJKLMNOPQRSTUV-WX with your CID.
sudo /Library/CS/falconctl license 0123456789ABCDEFGHIJKLMNOPQRSTUV-WX --password

2. When prompted, enter your sensor password.

3. When prompted, confirm your sensor password.

4. After installation, run this command from the Terminal.
sudo /Library/CS/falconctl installguard

More documentation on using and managing password protected installs, see the complete Mac Deployment Guide.


Deploying traditional security products can often take weeks or even months. CrowdStrike regularly has customers deploy tens of thousands of sensors in a day, during business hours, with no interruption to operations or helpdesk calls. There is no hardware to maintain or deploy. There is no need to reboot a system after an install, in fact, the entire process is invisible to the end user. Falcon Prevent can be deployed to Windows, Mac and Linux systems providing broad coverage on critical systems. And once deployed, Falcon Prevent can update on it’s own, eliminating the need for maintenance windows and downtime.