In this section, you will download the Falcon sensor and install on your first system. Installing Falcon Prevent is much easier than installing legacy antivirus solutions. First, it is important to recognize that you do not need to set up a management console. Falcon Prevent is cloud-delivered, so the backend infrastructure is already up and running. You will never have to worry about speed or scale. The installer is small, so it downloads faster and is easier to deploy. It happily co-exists with other endpoint security solutions and the installation is invisible to the end user. It does not even require a reboot. Also, the installation process is the same whether you are installing on a workstation, server, laptop, virtual instances on premise or virtual instances in the cloud.
We recommend doing this test scenario on your personal laptop or desktop. There is no malware used in this scenario. If you already have an existing antivirus solution in place, there is no need to remove it (yet). In fact, it is better to keep it in place so that you can measure its performance and compare it to Falcon Prevent in the next section.
1. Download and install the Falcon sensor
This section will walk you through your first sensor download and install. Because CrowdStrike Falcon is 100% cloud delivered, there is no need to setup any infrastructure. All you have to do is install the small sensor and you can immediately generate your first detection.
a. Right after your login you can click on "Download Sensor" to be taken to the Hosts > Sensor Downloads page.
Click the Download button
Then copy the Customer ID checksum (you’ll need this during the install).
b. Launch the Installer to begin the sensor installation process.
Accept the license agreement.
Paste the customer ID and checksum and continue with "Install".
After the installation is complete click "Close".
2. Verify the sensor in the Falcon UI
This step is meant to ensure that your newly installed sensor has connected to the cloud and that it is ready for the subsequent tests.
In the Falcon UI go to Hosts > Host Management and verify that you see your hostname listed. The "Prevention Policy" column should show "Default- Detect Only" as the assigned policy. In some cases, it might take a few minutes before you see your host fully registered.
3. Generate your first detection
To see an example of what a detection alert looks like in Falcon Prevent, we will run a harmless test command on your computer:
a. Open a command prompt (Windows cmd.exe)
b. Type or copy and paste this command:
choice /M crowdstrike_sample_detection
c. Switch back to the Falcon UI and go to Activity > Detections to inspect the new alert.
You are done!
Congratulations, you now have your first fully functional Falcon Prevent installation up and running. While the sensor is currently in "detect only" mode, it is already augmenting your existing endpoint solution.
In this section, you downloaded and installed Falcon Prevent. Did you notice that the sensor was small, took very little time to download, and didn’t require a reboot? This is because CrowdStrike’s unique architecture allows us to provide all the functionality of a traditional antivirus solution while consuming a fraction of the system resources.
Now, let’s look closer at the performance benefits provided by Falcon Prevent.