CrowdStrike Falcon is UVM’s primary antivirus tool and should be installed on all UVM-managed servers and workstations. CrowdStrike is a modern EDR (Endpoint Detection & Response) platform that continuously monitors computers for threats and may take automatic preventative actions to contain the damage that can be caused by malicious software or processes.
How Does CrowdStrike Work?
CrowdStrike is automatically installed on Windows and macOS workstations, as well as Windows and Linux servers. It runs in the background, continuously monitoring the computer’s behavior for patterns that suggest malicious activity.
CrowdStrike also behaves like a traditional antivirus client, scanning the computer for known malicious software or files. When it detects a problem, the sensor will alert Information Security Office analysts and may prevent a malicious process from running or quarantine a malicious file.
Will CrowdStrike Be Noticeable?
CrowdStrike should not disrupt your work, nor noticeably affect your computer’s performance. On a workstation the software is largely invisible, and updates are automated, continuous, and do not require a reboot. The software uses only a very small fraction of your computer’s processing power, memory, and storage.
What Information Does CrowdStrike Collect?
CrowdStrike records basic data about actions performed on your computer that it uses to identify threat behavior. This may include file and program names, network connections and website traffic, commands such as copying, deleting, renaming, or encrypting files, and the usernames used to access the device. It does not record file contents, actions taken while visiting websites, or the content of emails.
As with any other routinely collected data, the Information Security Office and CrowdStrike administrators will not inspect CrowdStrike data except in the case of a security investigation or incident, or during routine maintenance activities.
If you have questions about CrowdStrike, please submit a ticket or reach out to the Tech Team.