CrowdStrike Feature Testing and Implementation

In keeping with CrowdStrike's recommended best practices, the Information Security Office will be enabling recently delivered features in the CrowdStrike prevention policies. The new features will be enabled for opt-in test groups first. After a test period of 10 days, the same changes will be made in the production prevention policies. We are asking SCAD/DCS for volunteer machines for the test group.

Features to be enabled

Windows

  • Detect and Quarantine on Write - Machine learning analysis to detect and quarantine suspicious files as they are written to disk.

Windows and macOS

  • Quarantine executable files after they are prevented by NGAV (next-generation antivirus).

Linux

  • Unknown Executables Detection and Analysis - Advanced analysis of unknown detection-related executables.
  • Filesystem Visibility - Improved analysis of filesystem activity.
  • Network Visibility - Improved analysis of network activity.

To volunteer for the test group, email [email protected] stating that you would like to participate, and provide the hostname, MAC address, and operating system (Apple, Windows 10/11, Windows Server, or Linux server) for each system you would like to enroll.