CrowdStrike Sensor

Applies to: Agent version 10.0.47390.40

As soon as a CrowdStrike Sensor is installed on endpoints, it actively scans for threats without the user scheduling or starting a scan. The safest method is to set up exclusions and assign a policy to endpoints BEFORE installing the agent.  

NOTE: We cannot guarantee our instructions are compatible with your updated program. Always check the Help for an antivirus program if you have questions. Be sure to re-enable any firewalls or scanning that you disable during installation once the agent is successfully installed.

  1. Set up Host Group and assign a CrowdStrike Firewall policy to endpoints.
    Open a browser and log in to the CrowdStrike Console.
    Click the top-left menu icon to open the sidebar menu.
    Select Endpoint Security > Firewall > Policies > Windows Policies.
    Create a new policy to assign to a Group of hosts or All Hosts where Interguard will be installed.
  2. Edit the new Firewall Policy to allow inbound and outbound traffic.
    This allows communication between the endpoint devices and the Interguard server.
  3. Navigate to Exclusions.
    Select Endpoint Security > Configure > Exclusions.
  4. Add a Machine Learning Exclusion for your Interguard folder.
    Under Machine Learning Exclusions, press Create exclusion. Choose your Group or All hosts. Press Next.
  5. Configure the exclusion. 
    Check both Detections and preventions and Uploads to CrowdStrike so that the folder is excluded from each.
    Enter the following folders: 
    Windows\SysWOW64\winipdat\**
    Windows\System32\winipdat\**
    Windows\winipbin-install\**
    Windows\winipbin\**

    Do not use a drive letter (C:\ ) or an initial slash. The ** wildcard recursively matches any number of characters in the named directory and all subdirectories.
  6. Press Create Exclusion.
    Repeat the steps for each folder.


  1. Add the same exclusions to Sensor Visibility Exclusions.
    Under Sensor Visibility Exclusions, press Create exclusion, choose hosts to target, and press Next to enter the folder name as you did before.
    Press Create Exclusion. The Interguard folders are now excluded from CrowdStrike's Machine Learning and Sensor Visibility. It should be safe to install the agent.
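
The pattern rules from step 5 (no drive letter, no initial slash, a trailing \** for recursion) can be checked before the exclusions are typed into the console, and a list of file paths can be tested to see which ones fall inside the excluded folders. The following is an added example, not code from Interguard or CrowdStrike. It models only the ** wildcard described on this page and assumes patterns are anchored at the drive root and compared case-insensitively; the function names and sample paths are constructed for illustration.

```python
import re

# The four folder patterns listed on this page.
INTERGUARD_EXCLUSIONS = [
    r"Windows\SysWOW64\winipdat\**",
    r"Windows\System32\winipdat\**",
    r"Windows\winipbin-install\**",
    r"Windows\winipbin\**",
]

def lint_pattern(pattern):
    """Return the problems found in one exclusion pattern (empty list = OK)."""
    problems = []
    if re.match(r"[A-Za-z]:", pattern):
        problems.append("starts with a drive letter")
    if pattern.startswith(("\\", "/")):
        problems.append("starts with a slash")
    if not pattern.endswith("\\**"):
        problems.append("does not end with \\**, so subfolders are not covered")
    return problems

def pattern_to_regex(pattern):
    """Model only the ** wildcard from this page; all other text is literal."""
    parts = [".*" if p == "**" else re.escape(p) for p in re.split(r"(\*\*)", pattern)]
    # Assumption: patterns are anchored at the drive root and case-insensitive.
    return re.compile("".join(parts), re.IGNORECASE)

def is_excluded(path, patterns=INTERGUARD_EXCLUSIONS):
    """True if a full Windows path falls under one of the patterns."""
    relative = re.sub(r"^[A-Za-z]:", "", path).lstrip("\\/")
    return any(pattern_to_regex(p).fullmatch(relative) for p in patterns)

def audit(paths, patterns=INTERGUARD_EXCLUSIONS):
    """Return the paths that fall inside the excluded folders."""
    return [p for p in paths if is_excluded(p, patterns)]

# Constructed sample paths, not taken from a real endpoint.
SAMPLE_PATHS = [
    r"C:\Windows\winipbin\agent\core.dll",
    r"C:\Windows\winipbin-install\setup.exe",
    r"c:\windows\syswow64\WINIPDAT\cache.dat",
    r"C:\Windows\winipbin2\lookalike.exe",
    r"C:\Windows\System32\cmd.exe",
    r"C:\Users\alice\Windows\winipbin\copy.exe",
]

if __name__ == "__main__":
    for p in INTERGUARD_EXCLUSIONS:
        print(p, lint_pattern(p) or "OK")
    print(audit(SAMPLE_PATHS))
```

Running audit() over a file listing from an endpoint shows exactly which files sit in the excluded folders, which helps confirm the exclusions are no broader than the four Interguard folders.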

Install the agent

  1. If you wish, run a CrowdStrike scan on the endpoint device.
    This ensures nothing else is causing problems at the device.
  2. Download the Windows Agent.
    Select Admin | Download Agents. Follow the wizard steps to generate and download the Windows Installer. 
  3. Run the *.exe file "as Administrator." 
    When the installation is complete, the device restarts, and the downloaded installer is removed. Re-enable scanning and firewall protections at the endpoint device.

Updated: 07/25/2024