In some cases, administrators may need to exclude certain files, folders, or processes from CrowdStrike Falcon scanning. This is useful for preventing interference with critical applications, reducing false positives, and optimizing system performance.
This guide explains how to configure file, folder, and process exclusions in CrowdStrike Falcon using the Falcon Console.
Step 1: Log Into the CrowdStrike Falcon Console
- Open a browser and go to https://falcon.crowdstrike.com. or https://falcon.us-2.crowdstrike.com/ depending on where your tenant resides
- Sign in using your admin credentials.
Step 3: Add Exclusions
File or Folder Exclusions
To exclude a specific file or folder from scanning:
- In the left-hand menu, click Endpoint Security > Configure > Exclusions
- Select the machine learning exclusions tab
- Click Create Exclusion
- Select the host group you want to apply the exclusion to, click next
- Enter the exclusion pattern
- Click Create exclusion
- repeat the process on the Sensor Visibility tab
Best Practices for Exclusions
✅ Use Exclusions Sparingly – Excluding too many files or processes can create security risks.
✅ Regularly Review Exclusions – Ensure that old exclusions are still needed.
✅ Test Before Applying Globally – Apply exclusions to a test group first before rolling them out to all endpoints.