Endpoint Security Software
Endpoint security software must be installed on all JH-owned computers to meet compliance regulations. This software is maintained centrally to detect, remediate, and limit the spread of malware.
Installation
CrowdStrike Falcon software is pre-installed and active on all newly deployed machines.
Getting Assistance with CrowdStrike
If you are concerned that CrowdStrike may be malfunctioning, start noting the time(s) and the activities during which CrowdStrike is acting up. You may check Activity Monitor to see if CrowdStrike processes are monopolizing system resources.
The Falcon Sensor for Mac has a built-in diagnostic tool that can generate a sysdiagnose output, which you can then supply to Support when investigating sensor issues.
To use it, you’ll need sudo access on the Mac host. From a terminal, enter the command:
sudo /Applications/Falcon.app/Contents/Resources/falconctl diagnose
You will get a status bar in the terminal while the diagnostic is performed. This process can take up to 10 minutes to complete. Once finished, the path to the file is displayed in your terminal session, and a Finder window opens showing the directory /private/tmp/. The sysdiagnose file there will have a name similar to this: falconctl_diagnose_4APo7TWJ.tgz
Once you’ve collected some notes and logs, head to ServiceNow and launch an incident request (IT Help > Something is Broken). Attach your notes and logs, and include the phrase “Please route to Systems Security Support.” From there the team managing CrowdStrike will reach out to assist you.
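Before attaching the diagnostic archive, it helps to confirm you have the most recent one and that it is complete. The following is an added example, not part of CrowdStrike's tooling or the original instructions: find_falcon_diag is a hypothetical helper name, and the script assumes the archive name pattern and the /private/tmp location shown above.

```shell
# Added example (hypothetical helper, not a CrowdStrike command).
# Finds the newest falconctl_diagnose_*.tgz in a directory and confirms it is
# a readable gzip tar archive before you attach it to the ServiceNow incident.
# Usage: find_falcon_diag            (checks /private/tmp)
#        find_falcon_diag /some/dir  (checks another directory)
find_falcon_diag() {
    dir="${1:-/private/tmp}"
    newest=""
    for f in "$dir"/falconctl_diagnose_*.tgz; do
        # Skip the literal pattern when nothing matches, and non-regular files.
        [ -f "$f" ] || continue
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest="$f"
        fi
    done
    if [ -z "$newest" ]; then
        echo "no falconctl_diagnose_*.tgz found in $dir" >&2
        return 1
    fi
    # An interrupted diagnostic run or a full disk leaves an archive that
    # cannot be listed; catch that here rather than after uploading it.
    if ! tar -tzf "$newest" >/dev/null 2>&1; then
        echo "archive is incomplete or corrupt: $newest" >&2
        return 2
    fi
    printf '%s\n' "$newest"
}
```

The function prints the path of the archive to attach; a return status of 1 means no archive was found, and 2 means the newest one could not be read and the diagnostic should be run again.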