CrowdStrike Prerequisites

Whitelist URLs CrowdStrike does not support Proxy Authentication. Depending on your network
environment, you may need to whitelist traffic to and from our cloud's network addresses.

https://ts01-b.cloudsink.net
https://lfodown01-b.cloudsink.net
https://ts01-gyr-maverick.cloudsink.net
https://lfodown01-gyr-maverick.cloudsink.net

Services
These services must be installed and running:
LMHosts
Note: LMHosts might be disabled on your host if the TCP/IP NetBIOS Helper service is disabled.
Network Store Interface (NSI)
Windows Base Filtering Engine (BFE)
Windows Power Service (sometimes labelled Power)

Ensure Internet Access During Installation

Each host must be able to connect to the CrowdStrike Cloud during installation. If the host can't contact
our cloud, it will retry the connection for 10 minutes. After that, the host will automatically uninstall its
sensor.

Avoid Interference with Certificate Pinning

The Falcon sensor uses certificate pinning to defend against man-in-the-middle attacks. Some network
configurations, such as deep packet
inspection, interfere with certificate validation. Disable deep packet inspection (also called "HTTPS
interception," "TLS interception," or "SSL inspection") or similar network configurations. Common
sources of interference with certificate pinning include antivirus systems, firewalls, or proxies.

Allow TLS traffic

After agent installation, an agent opens a permanent TLS connection over port 443 and keeps that
connection open until the endpoint is turned off or the network connection is terminated.
The Falcon sensor requires TLS 1.2 to communicate with the CrowdStrike cloud. Other protocols,
including SSL or earlier versions of TLS, are not supported.
For GPO Deployment:

• Disable the Windows Defender (Optional).

• We (Dhanyaayai Team) will provide installation script.
• Require the AD team to arrange the scheduling of the sensor installation task..

Note: AD team need on the day of implementation.