• DarkThoughts@fedia.io
    link
    fedilink
    arrow-up
    96
    ·
    4 months ago

    Can someone in non marketing terms explain what the fuck CrowdStrike Falcon Sensor is? I literally never heard of this company or product before.

    • farcaster@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      111
      ·
      4 months ago

      It’s basically corporate anti-virus software. Intended to detect and prevent malware.

      • Alimentar@lemm.ee
        link
        fedilink
        English
        arrow-up
        31
        arrow-down
        2
        ·
        4 months ago

        Apparently it’s the next iteration of AI based antivirus where it uses smart algorithms to detect system behaviours and makes assessments on whether they’re malicious or not

        • GreyBeard@lemmy.one
          link
          fedilink
          English
          arrow-up
          26
          ·
          4 months ago

          I know there is a lot of marketing fluff, but yes, it is an EDR. Which means instead of just checking file signatures against a database if known bad stuff, it actually examines what applications do and makes a sort of judgement on if it is acting maliciously or not. I use a similar product. Although the false positives can sometimes be baffling, it honestly can catch a legit program misbehaving.

          On top of that, everything is logged. Every file, network connection, or registry key that every process on the computer touches is logged. That means when something happens, you can see the full and complete list of actions taken by the malicious system. Thus can actually be a drain on the computer, but modern systems handle it well enough.

            • GreyBeard@lemmy.one
              link
              fedilink
              English
              arrow-up
              5
              ·
              4 months ago

              SentinelOne. They are more reseller/MSP friendly, but the product is very similar to CrowdStrike.

              • ditty@lemm.ee
                link
                fedilink
                English
                arrow-up
                2
                ·
                4 months ago

                We also use S1 and while it does often flag false positives, that’s a whole heck of a lot better than the alternative. Also I have not noticed it being very resource intensive.

                • GreyBeard@lemmy.one
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  ·
                  4 months ago

                  It’s overhead is more subtle than task manager can tell. Because of all its watching and monitoring, it slows down applications themselves. Task take longer. Sometime it is by a trivial amount, but I’ve been able to measure a notable difference in some task with and without S1, even if task manager says all is well.

        • sukotai@lemmy.world
          link
          fedilink
          English
          arrow-up
          11
          arrow-down
          7
          ·
          4 months ago

          obviously, A.I consider microsoft as a malicious software. Sometimes, A.I is very accurate 😁

      • xavier666@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        Can you tell whether this update was delivered by Crowdstrike’s own update delivery pipeline of via Window’s update pipeline?

    • send_me_your_ink@lemmynsfw.com
      link
      fedilink
      English
      arrow-up
      4
      ·
      4 months ago

      It’s software put on every machine so that the company can quickly isolate it if/when something bad happens (or it falls out of security compliance). To do this is requires a constant Internet connection, insanely high privileges on the machine and frequent updates to be appraised of risks.

      That risk update went off the rails and into the next state.