What is CrowdStrike Falcon?
CrowdStrike Falcon is a cloud-based security tool and it is the default Berkeley Lab antivirus software for Windows and Mac.
CrowdStrike Falcon is different from legacy antivirus because the CrowdStrike Falcon platform:
- Delivers its features through a single, lightweight agent that is managed from the cloud, protecting your system
- Does not scan files but uses real-time process control to monitor executable files, scripts, and network activity allowing it to stop threats more effectively
Why did Berkeley Lab pick CrowdStrike Falcon?
CrowdStrike Falcon provides advanced protection against viruses, malware, ransomware, cyber-attacks, and other malicious activity for Berkeley Lab systems. CrowdStrike Falcon greatly protects your computer from attack.
CrowdStrike Falcon will replace Sophos Antivirus, which will be discontinued on July 20, 2023.
Concerns about CrowdStrike Falcon and Privacy?
See CrowdStrike Falcon and Privacy
How will the transition to CrowdStrike Falcon impact me?
Sophos Anti-virus will be uninstalled, and CrowdStrike Falcon will be installed.
Can I use CrowdStrike Falcon on my personal computer?
Not generally. For non-LBL-issued computers, you will need to install a personal Antivirus solution. However, personal computers that are durably on the Lab network and/or regularly used to conduct work for Berkeley Lab must install Crowdstrike.
Where to download CrowdStrike Falcon?
Download CrowdStrike Falcon from https://software.lbl.gov/.
How to install or uninstall CrowdStrike Falcon?
See Install/Uninstall CrowdStrike Falcon.
Why a maintenance token is necessary to uninstall CrowdStrike Falcon?
The purpose of the maintenance token is to protect CrowdStrike Falcon from unauthorized uninstallation by malicious software disguised as a user’s action.
What Operating Systems are supported?
- Windows 10 and Windows 11
- Supported versions of Windows Server
- macOS 12 and above
- See Supported Operating Systems Full List for more details
What are some of the requirements to install CrowdStrike Falcon?
- See the "What Operating Systems are supported?" section above
- Connection to the Internet
Note: If you would like assistance because your system does not meet the listed requirements, please email [email protected] and include the following:
- Project-Activity ID number
- DOE number of the computer
When will Linux be supported?
Linux will not be supported. Feel free to install an Antivirus of your choice if you would like.
Does the CrowdStrike Falcon macOS installer work for Intel, M1, and M2 chipsets?
Yes, the CrowdStrike Falcon macOS installer is a universal binary and will work on Intel and Apple Silicon (M1 and M2) chipsets.
How to check if CrowdStrike Falcon is working on a system?
See Is CrowdStrike Falcon Running?
How to uninstall Sophos Antivirus?
You do not need to uninstall Sophos Antivirus, the CrowdStirke Falcon installer will uninstall Sophos Antivirus.
I received a notification saying I do not have virus protection during the CrowdStrike Falcon installation, should I worry?
No, because Crowdstrike Falcon is a cloud-based product while Sophos is locally installed, there may be a brief lag time the Windows system thinks there is no antivirus installed, prompting the Windows Security Center notification. Once CrowdStrike Falcon is fully installed and configured, those will go away.
How do I know if Crowdsrike finds something?
A notification will pop up on your system just like any other notification from other software. Windows notifications will be on the bottom right, and Macs will be on the upper right by default.
Who do I talk to if CrowdStrike Falcon is potentially interfering with my work? (Generates a false positive notification.)
Interference with your work is unlikely as we’ve talked with other organizations that use CrowdStrike Falcon, and they reported very low false positives. However, there may be a few as we start rolling out CrowdStrike.
If you need assistance, please email [email protected] and include the following:
- Computer name
- DOE number of the computer
- Time and date of the notification
- Berkeley Lab username and employee ID number
Does CrowdStrike Falcon run in the background, and is there any way the user can manage it?
CrowdStrike Falcon runs in the background automatically, and there is no user-accessible interface. This is to improve security. If someone compromises your computer, they can not disable CrowdStrike Falcon.
Does CrowdStrike Falcon manages the firewall on the computer?
CrowdStrike Falcon is capable of enforcing firewall policies. However, the Crowdstrike team is not currently enforcing firewall policies through CrowdStrike Falcon.
With CrowdStrike Falcon, will BigFix still be needed?
Yes, BigFix is an endpoint management tool used to help automate workstation support processes. CrowdStrike Falcon is an endpoint protection tool.
Does CrowdStrike Falcon run on iOS and Android?
CrowdStrike Falcon works on iOS 13 or higher and Android version 8 or higher. The use of CrowdStrike Falcon on mobile devices is not provided by Berkeley Lab IT.
Will CrowdStrike Falcon slow down my computer?
Unlike traditional antivirus, the software does not scan your hard drive, so there is less impact just by the architecture differences. There is no perceptible performance impact on your computer. The sensor’s design makes it incredibly lightweight (consuming 1% or less of CPU) and unobtrusive: there’s no UI, fewer reboots, and all updates are performed silently and automatically when possible.
How to recover files quarantined by CrowdStrike Falcon?
See Recover Files quarantined by CrowdStrike Falcon.