Legacy antivirus solutions are infamous for their performance impact on systems. Simply installing many of these solutions means sacrificing nearly a gigabyte of disk space, and once it is installed it starts to utilize CPU and memory in a way that is inexplicably high. This often results in end users walking away from their desks to get a cup of coffee and losing productivity while waiting for a scan to complete.
CrowdStrike is fundamentally different. The Falcon Sensor is truly lightweight. It consumes only minimal disk space and completely eliminates the concept of scanning. With that, CPU and memory utilization are drastically lower than legacy solutions. CrowdStrike has built a resource monitor to show you the massive performance gains you can achieve by switching to Falcon Prevent.
1. The CSAV resource monitor
To illustrate the performance improvements over other solutions, CrowdStrike created a utility that gathers key metrics of installed AV solutions - including CrowdStrike and our competitors. It is then easy to see which solution has a lower impact on your machine's performance.
To get started, download the CrowdStrike AV resource monitoring tool.
To get results that allow you to compare your existing AV solution against Falcon Prevent, we recommend that you take the following steps which are outlined in greater detail below:
a. Use a real laptop or desktop (not a lab or virtual machine), with your existing AV solution (or any other AV solution you are evaluating) installed on it.
b. Run the resource monitor to measure your existing AV performance and note the score.
c. Uninstall your existing AV and install the Falcon Sensor (See section 1).
d. Run the resource monitor again to measure Falcon Prevent's performance.
e. Compare the scores from your existing AV with those from Falcon Prevent.
2. Existing AV Performance
In this step, you will measure the performance impact your existing AV has on your system.
a. Open the CSAV resource monitor and accept the license agreement. The tool will automatically pick the right 32bit or 64bit version to run.
b. To simulate a situation where the AV would be "busy", check the "stress test" box below the "Start" button, then click "Start".
c. The Resource Monitor will run and automatically stop after a while. If desired, run the tool in different situations like during a scan or during an update to see how the output during these situations changes.
3. Removing your existing AV
Now it is time to remove the existing antivirus solution from your machine. In many cases, this is simply done via the "add/remove programs" option in the Windows Control Panel. If you are part of a larger organization that uses AV deployment and management tools, you might have to use those tools to remove the product from your machine. At the end of the process, your machine should believe that there is no AV installed and most likely show you a warning under Control Panel > System and Security > Action Center.
Note that on Windows 10 Microsoft Defender might automatically start after you uninstall your current AV solution. No action is needed here. Windows Defender will stand down again once you install the Falcon Sensor.
4. Download and install the Falcon sensor
On the same machine, install the Falcon Sensor as you did per the Installation section of this guide. You can also confirm the prevention policy is enabled, verify the registered AV and run the prevention test file again.
5. CrowdStrike performance
At this point you have verified that Falcon prevent is the active AV solution for your machine and you are ready to run the resource monitor again and compare with the previous test.
Did you notice how much smaller the installation of Falcon Prevent is compared to your existing AV solution?
There are also a few things that are hard to show in a trial like this, but that are very important. For example, Falcon Prevent does not require scheduled scans of your system. No more slow downs in the middle of the day to check for yesterday's malware. Falcon Prevent also does not require daily signature updates that consume bandwidth and hinder productivity. Falcon Prevent protects your systems without impacting their performance or the end users' productivity.In the next section, we will focus on illustrating Falcon Prevent’s effectiveness against all kinds of different threats.