CrowdStrike Falcon Next Generation Antivirus
CrowdStrike Falcon is a next generation antivirus solution designed to mitigate modern computer and network threats. CrowdStrike Falcon replaces traditional antivirus as it utilizes artificial intelligence and a lightweight agent to recognize and block ransomware and other malicious software threats as well as provide visibility into the entire threat lifecycle, allowing Information Security to act quickly and effectively to critical security events on Windows, Mac and Linux devices.
Managed Computing
CrowdStrike Falcon is included with Managed Computing.
Caltech Owned Non-Managed Computers
IMSS strongly advises installing CrowdStrike Falcon on Caltech-owned computers that are not managed by IMSS. Note that installation requires administrator rights on the computer. This is the strongest deterrent we have against ransomware and other malicious software, and all campus systems should use it to safeguard their systems and data.
Eligibility
Service | Eligibility | Cost |
---|---|---|
CrowdStrike Falcon | Available for all computer systems owned by Caltech. | Free* |
NOTE: CrowdStrike Falcon should NOT be installed on computers not owned by Caltech.
*For some Caltech groups this might be a chargeable service.
Getting Started
Please create a ticket to request access to the installer.
Log in to Caltech Help (request type: IMSS > Information Security > CrowdStrike > Install Help).
Information Security will then provide you with instructions for installing CrowdStrike on your system(s).
FAQs for Computers
CrowdStrike Falcon supports various versions of Windows, Mac, and Linux. For a full list of supported OSs visit CrowdStrike's FAQ page.
Generally, it is neither necessary nor recommended to keep running another antivirus product once CrowdStrike Falcon has been installed. You may remove your existing antivirus software immediately before installing CrowdStrike Falcon.
The Falcon sensor is designed to be extremely lightweight (consuming 1% or less of CPU) and unobtrusive: there is no UI, no pop-ups and no reboots, and all updates are performed silently and automatically.
Windows 10
- Click on the Windows icon > Settings
- On the left navigation, click on Apps > Installed Apps
- You should see CrowdStrike Falcon Windows Sensor in the apps list.
Mac
After CrowdStrike Falcon is installed on Mac Managed Computers, you will receive the following notification. Click the Options drop-down and select Allow to receive notifications.
To check if CrowdStrike Falcon is installed
- Go to Finder > Go > Applications
- Search for Falcon
Once CrowdStrike Falcon is installed it updates automatically; no manual updates are needed.
CrowdStrike Falcon uses multiple methods to prevent and detect malware. Those methods include machine learning, exploit blocking and indicators of attack. CrowdStrike should NOT block legitimate applications.
In the event CrowdStrike Falcon blocks a legitimate software/process, please contact Information Security (security@caltech.edu, https://help.caltech.edu) to review the issue. Note that if a software/process is unblocked it can take up to 60 minutes for this change to take effect.
CrowdStrike uploads a log of system events like program launches and network connections to a cloud-based detection infrastructure to analyze and detect threats. When a threat is detected, such as malware or ransomware, additional data collection activities are initiated to better understand the situation and enable a timely response to the event.
In addition, the CrowdStrike sensor that runs on each system includes all the prevention technologies required to protect the computer, whether it is online or offline. Those technologies include machine learning to protect against known and zero-day malware, exploit blocking, hash blocking and CrowdStrike's behavioral artificial intelligence heuristic algorithms, known as Indicators of Attack (IOAs).
Everyday use of Caltech computers is not monitored by the Information Security team. If there are indicators of compromise, critical events or incidents, Information Security will take the necessary steps to mitigate the issue and will contact the system's owner regarding the event.
Is any other information collected by CrowdStrike?
- CrowdStrike collects and analyzes metadata about the computer and activities – including computer name, user login successes and failures, network information, and operating system and installed software versions.
- CrowdStrike does not access or collect the contents of files, emails, or instant messages.
CrowdStrike will show a pop-up notification to the end user when the sensor blocks, kills, or quarantines an item. On Windows, these messages also appear in the Windows Event Viewer under Applications and Services Logs.
CrowdStrike will alert Information Security and the CrowdStrike Managed Detection and Response team of any threats and/or potential compromises. In most cases, these threats can be automatically blocked by CrowdStrike as it has the capability to aid in detection, inspection, impact measurement and mitigation.
- For workstations, system users will note a CrowdStrike message in the event it detects an issue and takes action.
- For servers, Information Security or the CrowdStrike Managed Detection and Response team will contact the system administrator to address and mitigate the issue.
IMSS strongly advises against removing CrowdStrike from Caltech-owned computers. If you must uninstall CrowdStrike, please contact the IMSS Help Desk for guidance at 626.395.3500, help@caltech.edu, or https://help.caltech.edu (request type: IMSS > Information Security > CrowdStrike > Uninstall Request).
Managed Computing
CrowdStrike cannot be removed from Managed Computing systems.
FAQs for Servers
IMSS strongly advises that CrowdStrike be installed on Caltech-owned servers. Please contact IMSS for guidance and instructions at https://help.caltech.edu (request type: IMSS > Information Security > CrowdStrike > Install Help).
CrowdStrike supports various server versions of Windows and Linux. For a full list of supported OSs visit CrowdStrike's FAQ page.
Yes, CrowdStrike is supported on all cloud platforms. Please contact IMSS for guidance and instructions at https://help.caltech.edu (request type: IMSS > Information Security > CrowdStrike > Install Help).
CrowdStrike can be found in the Task Manager in Windows. Go to the Search bar and type Task Manager.
If it is not running, contact IMSS at https://help.caltech.edu (request type: IMSS > Information Security > CrowdStrike > Install Help).
Check running processes to verify the Falcon sensor is running: `ps -e | grep -e falcon-sensor`
If it is not running, contact IMSS at https://help.caltech.edu (request type: IMSS > Information Security > CrowdStrike > Install Help).
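The Linux check above can be wrapped in a small POSIX sh script that matches the whole command name rather than a substring (so a name that merely contains "falcon-sensor" is not mistaken for the sensor) and tells the user where to open a ticket. This is an added example, not code from the IMSS page or from CrowdStrike; the process listings it runs on are constructed samples, and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the IMSS page or CrowdStrike): read a `ps -e`-style
# listing on stdin and report whether the Linux Falcon sensor process is present.

# Return 0 if a process named exactly "falcon-sensor" appears in the listing,
# 1 otherwise. The command name is the last column of `ps -e`; comparing the
# whole field avoids matching other names that merely contain the string.
falcon_sensor_running() {
  awk 'NR > 1 && $NF == "falcon-sensor" { found = 1 } END { exit !found }'
}

# Constructed sample listings (not real output) so the check runs stand-alone.
sample_listing_with_sensor() {
  cat <<'EOF'
    PID TTY          TIME CMD
      1 ?        00:00:02 systemd
    842 ?        00:00:00 sshd
   1207 ?        00:01:13 falcon-sensor
EOF
}

sample_listing_without_sensor() {
  cat <<'EOF'
    PID TTY          TIME CMD
      1 ?        00:00:02 systemd
    842 ?        00:00:00 sshd
    990 ?        00:00:00 not-falcon-sensor
EOF
}

# Print a status line and return the check's exit status. On a live host run:
#   ps -e | report_falcon_sensor
report_falcon_sensor() {
  if falcon_sensor_running; then
    echo "OK: falcon-sensor is running"
  else
    echo "MISSING: falcon-sensor not found; open a ticket at https://help.caltech.edu" \
         "(request type: IMSS > Information Security > CrowdStrike > Install Help)"
    return 1
  fi
}

# Stand-alone demo on the constructed samples (the second is expected to report MISSING).
sample_listing_with_sensor | report_falcon_sensor
sample_listing_without_sensor | report_falcon_sensor || true
```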
Questions?
For questions, please submit a request via https://help.caltech.edu (request type: IMSS > Information Security > CrowdStrike).