Crowdstrike EDR Pre-installation task
To add an exclusion for a specific localhost port in CrowdStrike Falcon, you would typically do this by creating a custom firewall rule within the Falcon Firewall Management interface.
Here's a brief overview of the steps:
1. Log in to CrowdStrike Falcon Console and navigate to the Firewall Management section under the 'Configuration' app.
2. Select or create a firewall policy that applies to the systems where you want to allow the localhost port.
3. Add a new firewall rule within this policy: Action: Set to Allow. Direction: Specify if the traffic is inbound, outbound, or both. Protocol: Choose TCP, UDP, or both, depending on your needs. Local Address: Set this to 127.0.0.1 to target the localhost. Remote Address: If needed, also set this to 127.0.0.1 to limit the rule strictly to localhost communications. Port: Enter the specific port number you want to allow (e.g., 8080).
4. Save and deploy the updated policy to the relevant hosts.
If your installation is not successful and either the install of the sensor was prevented or if the installation was success but the "flurp is grey, then perhaps you need to try the full Crowdstrike Exception found here: https://ops.netarx.com/knowledge-base/crowdstrike-exception