CrowdStrike Falcon is a cloud-based security tool and the default Berkeley Lab antivirus software for Windows and Mac.
CrowdStrike Falcon is different from legacy antivirus because the CrowdStrike Falcon platform:
CrowdStrike Falcon provides advanced protection against viruses, malware, ransomware, cyber-attacks, and other malicious activity for Berkeley Lab systems. CrowdStrike Falcon greatly protects your computer from attack.
CrowdStrike Falcon will replace Sophos Antivirus, which will be discontinued on July 20, 2023.
See CrowdStrike Falcon and Privacy
Sophos Antivirus will be uninstalled, and CrowdStrike Falcon will be installed.
Not generally. For non-LBL-issued computers, you will need to install a personal antivirus solution. However, personal computers that are durably on the Lab network and/or regularly used to conduct work for Berkeley Lab must install CrowdStrike.
Download CrowdStrike Falcon from https://software.lbl.gov/.
See Install/Uninstall CrowdStrike Falcon.
The purpose of the maintenance token is to protect CrowdStrike Falcon from unauthorized uninstallation by malicious software disguised as a user’s action.
Note: If you would like assistance because your system does not meet the listed requirements, please email help@lbl.gov and include the following:
Linux will not be supported. Feel free to install an antivirus of your choice if you would like.
Yes, the CrowdStrike Falcon macOS installer is a universal binary and will work on Intel and Apple Silicon (M1 and M2) chipsets.
See Is CrowdStrike Falcon Running?
You do not need to uninstall Sophos Antivirus; the CrowdStrike Falcon installer will uninstall it.
No. Because CrowdStrike Falcon is a cloud-based product while Sophos is locally installed, there may be a brief lag during which the Windows system thinks there is no antivirus installed, prompting the Windows Security Center notification. Once CrowdStrike Falcon is fully installed and configured, those notifications will go away.
A notification will pop up on your system just like any other notification from other software. Windows notifications will be on the bottom right, and Macs will be on the upper right by default.
Interference with your work is unlikely, as we’ve talked with other organizations that use CrowdStrike Falcon, and they reported very few false positives. However, there may be a few as we start rolling out CrowdStrike.
If you need assistance, please email help@lbl.gov and include the following:
CrowdStrike Falcon runs in the background automatically, and there is no user-accessible interface. This is to improve security: if someone compromises your computer, they cannot disable CrowdStrike Falcon.
CrowdStrike Falcon is capable of enforcing firewall policies. However, the CrowdStrike team is not currently enforcing firewall policies through CrowdStrike Falcon.
Yes, BigFix is an endpoint management tool used to help automate workstation support processes. CrowdStrike Falcon is an endpoint protection tool.
CrowdStrike Falcon works on iOS 13 or higher and Android version 8 or higher. The use of CrowdStrike Falcon on mobile devices is not provided by Berkeley Lab IT.
Unlike traditional antivirus, the software does not scan your hard drive, so its architecture alone means less impact. There is no perceptible performance impact on your computer. The sensor’s design makes it incredibly lightweight (consuming 1% or less of CPU) and unobtrusive: there’s no UI, fewer reboots, and all updates are performed silently and automatically when possible.
See Recover Files quarantined by CrowdStrike Falcon.