CrowdStrike Falcon® is an endpoint security platform that combines antivirus, endpoint detection and response, cyber threat intelligence, and more. This platform requires the installation of CrowdStrike Falcon Sensor (agent) on the organization's devices.
You can activate an Application Persistence policy to collect information about the functional status of CrowdStrike Falcon Sensor installed on your Windows devices and view the results in reports. For versions 6.x and higher, you can also configure the policy to reinstall CrowdStrike Falcon Sensor.
NOTE The Report and repair option and the Report, repair, and reinstall option aren't supported on version 5.17.x.
Application Persistence policies for CrowdStrike Falcon are supported only on devices running a supported version of the Windows operating system and one of the following versions of CrowdStrike Falcon Sensor:
- 6.x or higher
If you select Report higher versions as Compliant for version 6.x or higher, higher versions report Compliant without running health checks.
If you select Report higher versions as Compliant for version 5.17.x, higher versions report Compliant if all health checks, other than the version check, pass.
For version 6.x and higher, you can configure an Application Persistence policy for CrowdStrike Falcon to enable the RAR component to reinstall CrowdStrike Falcon Sensor if it's not functioning or missing. In addition to configuring the Application Persistence policy, one of the following configurations is required in the CrowdStrike console:
- Both Uninstall and maintenance protection and Bulk maintenance mode are disabled
- Both Uninstall and maintenance protection and Bulk maintenance mode are enabled
NOTE The Report and repair option isn't supported. Depending on the Absolute product licenses associated with your account, the Report, repair, and reinstall option may not be available.
The RAR component of the Absolute agent can respond to the following issues:
|The CrowdStrike Falcon Sensor Service (CSFalconService.exe) isn't running or isn't installed||
If the Report, repair, and reinstall option is selected in the Application Persistence policy for CrowdStrike Falcon and the Crowdstrike console is correctly configured, the RAR component uninstalls CrowdStrike Falcon Sensor, and then downloads and installs the configured version of the agent.
NOTE Downgrades are not supported. If the version installed on a device is higher than the expected version, no action is taken.
The expected version of CrowdStrike Falcon Sensor isn't installed
Before you activate an Application Persistence policy you need to configure the policy. If you are using version 6.x or higher, you need to configure these settings in addition to the settings in Configuring Application Persistence policies.
To configure the application version for version 6.x and higher:
- Under Application version, select 6.*+ from the drop-down.
Enter the version in Crowdstrike Falcon version.
- The target version must be a sequence of digits separated by a period.
- You can use wild card "*" characters after the major version, for example, 6.* or 6.13.*.
IMPORTANT Make sure the version you are entering is version 6.* or higher.
If you selected the Report, repair, and reinstall option for version 6.x or higher, you also need to configure these settings in addition to the settings in Configuring Application Persistence policies.
To configure the CrowdStrike Falcon specific settings for version 6.x and higher:
- Enter the ID provided by CrowdStrike in Customer ID (CID). This is the ID you use to install CrowdStrike Falcon Sensor on your devices.
- If Bulk maintenance mode is enabled in the CrowdStrike console, enter the bulk maintenance token in Bulk maintenance token (if required).