Troubleshooting the CrowdStrike Falcon Sensor for Windows

NOTE: This software is NOT intended for use on computers that are NOT owned by Duke University or Duke Health. Please do NOT install this software on personally-owned devices. Installing this software on a personally-owned device will place the device under Duke policies and under Duke control.

Full Documentation and Further Assistance

A recent copy of the full CrowdStrike Falcon Sensor for Windows documentation (from which most of this information is taken) can be found at (Duke NetID required).

If you have questions or issues that this document doesn't address, please submit a ServiceNow case to "Device Engineering - OIT" or send an email to

Sensor Installation

If the sensor installation fails, confirm that the host meets the system requirements (listed in the full documentation, found at the link above), including required Windows services. If required services are not installed or running, you may see an error message: "A required Windows service is disabled, stopped, or missing. Please see the installation log for details."

An installation log with more information should be located in the %LOCALAPPDATA%\Temp directory for the user attempting the install.

Also, confirm that CrowdStrike software is not already installed.

Duke's CrowdStrike Falcon Sensor for Windows policies have Tamper Protection enabled by default. With Tamper Protection enabled, the CrowdStrike Falcon Sensor for Windows cannot be uninstalled or manually updated without providing a computer-specific "maintenance token". If you need a maintenance token to uninstall an operating sensor or to attempt upgrading a non-functional sensor, please contact your Security office for assistance.

To validate that the Falcon sensor for Windows is running on a host, run this command at a command prompt:

    SERVICE_NAME: csagent
        TYPE               : 2  FILE_SYSTEM_DRIVER
        STATE              : 4  RUNNING (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

If you do not see output similar to this, please see Troubleshooting General Sensor Issues, below.

If the sensor doesn't run, confirm that the host meets our system requirements (listed in the full documentation, found at the link above), including required Windows services. If required services are not installed or running, you may see an error message in the sensor's logs: "A required Windows service is disabled, stopped, or missing. Please see the installation log for details."

The sensor can install, but not run, if any of these services are disabled or stopped:

- LMHosts (may be disabled on your host if the TCP/IP NetBIOS Helper service is disabled).
- DHCP Client, if you use Web Proxy Automatic Discovery (WPAD) via DHCP.

You can verify that the host is connected to the cloud using Planisphere or a command line on the host.

Planisphere: If a device is communicating with the CrowdStrike Cloud, Planisphere will collect information about that device on its regular polling of the CrowdStrike service. You can see the timing of the last and next polling on the Planisphere Data Sources tab. You can see the specific information for your device on the device's Details tab.

Host: Run the following command from a command line with administrative privileges:

    netstat -f

After a few moments, perhaps among other lines with information from other communications, you should see lines similar to the following:

    Proto  Local Address  Foreign Address  State

In the example above, the "ec2-." addresses indicate a connection to a specific IP address in the CrowdStrike cloud. (Press CTRL-C to exit the netstat command.) The full documentation (linked above) contains a full list of CrowdStrike cloud IPs. If your host uses a proxy, the Foreign Address shows the proxy address instead of the CrowdStrike Cloud address.

Host Can't Connect to the CrowdStrike Cloud

If your host can't connect to the CrowdStrike Cloud, check these network configuration items:

- Verify that your host can connect to the internet.
- If your host uses a proxy, verify your proxy configuration.
- If your host uses an endpoint firewall, configure it to permit traffic to and from the Falcon sensor.
- Verify that your host's LMHost service is enabled. LMHosts may be disabled if you've disabled the TCP/IP NetBIOS Helper on your host.
- Verify that your host trusts CrowdStrike's certificate authority.