After logging into Falcon for the first time, you’ll see a brief orientation and then be guided to download the Falcon sensor.
Installing Falcon Prevent is a lot easier than installing standard antivirus solutions. Falcon Prevent is cloud-delivered, so the backend infrastructure is already up and running; you do not need to set up a management console. The installation process is the same whether you are installing on a workstation, a server, a laptop, a virtual instance on-premises, or a virtual instance in the cloud.

We recommend installing on a typical laptop or desktop in your organization that is connected to the Internet. There is no malware used in this scenario, but we will start in full prevention mode.

IMPORTANT: Before you begin, be sure to uninstall your existing AV solution. Later, we will review how using “detect only” mode allows for coexistence and easy deployment transitions.
b. Run the sensor installer on your device in one of these ways: double-click the .pkg file, or run this command at a terminal, replacing
c. When prompted, enter administrative credentials for the installer.

macOS 10.13 High Sierra and later: Apple requires kernel extensions to be approved before being loaded. We recommend that you use Apple's MDM to approve the com.crowdstrike.sensor kernel extension before installing. If your organization is unable to use MDM, then follow the OS prompts to manually approve the kernel extension after licensing. Manual approval must happen on the host, as Apple prevents admins from remotely approving kernel extensions.
d. Use the command below to run falconctl, installed with the Falcon sensor, and provide your customer ID checksum (CID). In this example, replace 0123456789ABCDEFGHIJKLMNOPQRSTUV-WX with your CID.
sudo /Library/CS/falconctl license 0123456789ABCDEFGHIJKLMNOPQRSTUV-WX
2. Confirm that the sensor is running
Run this command at a terminal:
The output shows a list of details about the sensor, including its agent ID (AID), version, customer ID, and more.
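As an added example (not part of CrowdStrike's instructions), this shell script checks whether the com.crowdstrike.sensor kernel extension from step 1c is actually loaded, which is worth confirming alongside the sensor details when approval was done manually on the host. It assumes the macOS `kextstat` and `sw_vers` utilities; the function names, result strings and sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify kernel-extension state after installing the sensor.
BUNDLE_ID="com.crowdstrike.sensor"   # bundle ID named in the guide

# Constructed sample of kextstat output (addresses, versions, UUIDs are made up).
SAMPLE_KEXTSTAT='Index Refs Address            Size       Wired      Name (Version) UUID <Linked Against>
  101    0 0xffffff7f80000000 0x10000    0x10000    com.example.otherdriver (1.0) 00000000-0000-0000-0000-000000000000 <5 4 3>
  102    0 0xffffff7f80010000 0x20000    0x20000    com.crowdstrike.sensor (0.0.0) 00000000-0000-0000-0000-000000000000 <5 4 3>'

# Succeeds when the macOS version is 10.13 or later, where Apple requires
# kernel extensions to be approved before they load.
needs_kext_approval() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    case "$1" in *.*) ;; *) minor=0 ;; esac
    [ "$major" -gt 10 ] || { [ "$major" -eq 10 ] && [ "$minor" -ge 13 ]; }
}

# Reads kextstat-style output on stdin; succeeds only if the bundle ID appears
# as a whole field (the Name column), not as a substring of another kext name.
kext_loaded() {
    awk -v id="$BUNDLE_ID" '{ for (i = 1; i <= NF; i++) if ($i == id) found = 1 }
        END { exit found ? 0 : 1 }'
}

# classify <macos_version>, with kextstat output on stdin; prints one word.
classify() {
    if kext_loaded; then
        echo "loaded"
    elif needs_kext_approval "$1"; then
        # Not loaded on 10.13+: approval (MDM or manual) may still be missing.
        echo "not-loaded-check-approval"
    else
        echo "not-loaded"
    fi
}

# On a Mac, check the live system; on other hosts this step is skipped.
if command -v kextstat >/dev/null 2>&1 && command -v sw_vers >/dev/null 2>&1; then
    kextstat | classify "$(sw_vers -productVersion)"
fi
```

A result of `not-loaded-check-approval` after licensing points back to the approval step: confirm the MDM approval reached the host, or complete the manual approval prompt on the host itself.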
3. Verify sensor visibility in the cloud
In the Falcon interface, go to Host Management and verify that your hostname is listed. The "Prevention Policy" column should show "platform_default" as the assigned policy. In some cases, it might take a few minutes before you see your host fully registered.
4. Generate your first detection
To see an example of what a detection alert looks like in Falcon Prevent, run a harmless test command on your computer:
a. Open a terminal
b. Type or copy and paste this command: