
CrowdStrike Exception

Introduction

This guide outlines the process for creating an exception in CrowdStrike Falcon to allow Sensor installation on laptops or desktops. By configuring custom exclusion policies, you can ensure that specific applications, processes, or paths are not incorrectly flagged as threats.

 

Steps to Create an Exception in CrowdStrike Falcon EDR

1. Log in to the CrowdStrike Falcon Console

  • Go to the CrowdStrike Falcon console.
  • Use your credentials to log in.

2. Navigate to the Policy Section

  • Click on the Configuration tab in the left-hand menu.
  • Under the Configuration menu, click on Prevention Policies.

3. Select the Appropriate Policy

  • Choose the policy that applies to the endpoints where you need to create an exception.
  • Click on the policy to open and edit its settings.

4. Go to the Exclusions Tab

  • Within the policy settings, navigate to the Exclusions tab.
  • Here, you can add new exclusions based on paths, certificates, hashes, or processes.

5. Add a Custom Exclusion

To exclude the authentication product, add one or more of the following exclusions based on what is being flagged:

  • File Path Exclusion: Use this if CrowdStrike flags specific files from the authentication product.
    C:\Program Files\AuthProduct\
  • Process Exclusion: Use this if the product runs specific processes flagged by CrowdStrike.
    AuthProduct.exe
  • Certificate Exclusion: Use this if the product is signed by a trusted certificate.

6. Save and Apply the Policy

  • After adding the necessary exclusions, save the policy.
  • Ensure that the updated policy is applied to the relevant groups or systems.

7. Test the Exception

  • Confirm that the exception is effective by testing the functionality of the authentication product following the policy update.
  • Continuously monitor for any false positives and refine the exclusions as needed.
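A pre-submission review of the exclusion strings from step 5, as an added example that is not part of the original guide or of CrowdStrike's tooling. The rules (minimum folder depth, the list of user-writable folder names, the finding texts) are assumptions chosen for illustration and say nothing about how the Falcon console itself evaluates patterns.

```python
from pathlib import PureWindowsPath

# Assumption: folder names standard users can normally write under on a
# default Windows install. Adjust to your own build.
USER_WRITABLE = {"users", "programdata", "temp", "tmp", "appdata", "downloads"}
MIN_DEPTH = 2  # e.g. "Program Files" plus the product folder


def review_exclusion(kind, value):
    """Return findings for one proposed exclusion; an empty list means it is narrow.

    kind is "path" or "process"; value is the string to be entered in the policy.
    """
    findings = []
    path = PureWindowsPath(value)
    if not path.is_absolute():
        # A bare name or relative path is not tied to the install directory.
        findings.append("not anchored to a full path")
        return findings
    folders = [part.lower() for part in path.parts[1:]]
    if kind == "process":
        folders = folders[:-1]  # last part is the executable name
    if len(folders) < MIN_DEPTH:
        findings.append("broader than a single product folder")
    if any("*" in f or "?" in f for f in folders[:MIN_DEPTH]):
        findings.append("wildcard in or above the product folder")
    if USER_WRITABLE.intersection(folders):
        findings.append("user-writable location")
    return findings


# Constructed proposals; the first two are the values shown in step 5.
PROPOSED = [
    ("path", "C:\\Program Files\\AuthProduct\\"),
    ("process", "AuthProduct.exe"),
    ("process", "C:\\Program Files\\AuthProduct\\AuthProduct.exe"),
    ("path", "C:\\Program Files\\*"),
    ("path", "C:\\Users\\*\\AppData\\Local\\Temp\\"),
]

if __name__ == "__main__":
    for kind, value in PROPOSED:
        print(f"{kind:8} {value:50} {review_exclusion(kind, value) or 'ok'}")
```

An entry with findings is a prompt to narrow the string or to use a certificate or hash exclusion instead, before the policy is saved in step 6.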

 

Conclusion

Creating targeted exceptions in CrowdStrike Falcon reduces the risk of false positives while maintaining endpoint security. It is essential to thoroughly test exceptions after implementation and monitor the system regularly. Adjust exclusion policies proactively to ensure that legitimate software functions properly without compromising the organization's security posture.