CrowdStrikebeginner

How to Install the CrowdStrike Falcon Sensor on Windows

Step-by-step guide to installing the CrowdStrike Falcon endpoint protection sensor on Windows workstations and servers

10 min readUpdated January 2025

The CrowdStrike Falcon sensor provides next-generation endpoint protection with real-time threat detection and response capabilities. This guide walks you through installing the Falcon sensor on Windows workstations and servers.

Prerequisites

Before you begin, ensure you have:

  • Administrative access to the target Windows computer
  • CrowdStrike Falcon console access to download the installer
  • Installer package downloaded from your Falcon console
  • Customer ID (CID) from your Falcon console
  • Active internet connection for sensor communication

Step 1: Download the Falcon Sensor Installer

  1. Log in to the CrowdStrike Falcon console at https://falcon.crowdstrike.com
  2. Navigate to Support > Sensor Downloads
  3. Select Windows as your operating system
  4. Click Download to save the installer (typically named WindowsSensor.exe)
  5. Note your Customer ID (CID) displayed on the download page - you'll need this during installation

Step 2: Uninstall Existing Antivirus Software (If Applicable)

To avoid conflicts, remove any existing endpoint protection solutions:

  1. Open Settings > Apps > Apps & features
  2. Locate your current antivirus software
  3. Click Uninstall and follow the removal wizard
  4. Restart the computer if prompted
  5. Verify the removal completed successfully before proceeding

Important: Do not leave systems unprotected. Install CrowdStrike Falcon immediately after uninstalling your previous solution.

Step 3: Install the CrowdStrike Falcon Sensor

Interactive Installation

  1. Run the installer as Administrator:

    • Right-click WindowsSensor.exe
    • Select Run as administrator

  2. Accept the EULA when prompted

  3. Complete the installation:

    • The installer will automatically configure the sensor
    • No additional configuration is required during installation
    • The sensor service will start automatically

  4. Wait for completion:

    • Installation typically takes 2-5 minutes
    • You'll see a confirmation message when complete

Silent Installation (For Enterprise Deployment)

For automated deployment via Group Policy, SCCM, or scripts:

WindowsSensor.exe /install /quiet /norestart CID=YOUR_CUSTOMER_ID_HERE

Command-line parameters:

  • /install - Performs installation
  • /quiet - Silent installation with no user interface
  • /norestart - Prevents automatic reboot
  • CID= - Your unique Customer ID from the Falcon console

Example deployment command:

WindowsSensor.exe /install /quiet /norestart CID=1234567890ABCDEF-12

Step 4: Verify Installation

Check the Falcon Service

  1. Open Services (Run services.msc)
  2. Locate CrowdStrike Falcon Sensor Service
  3. Verify the status shows Running
  4. Confirm Startup Type is set to Automatic

Verify in the Falcon Console

  1. Log in to the Falcon console
  2. Navigate to Host Management > Hosts
  3. Search for the computer name
  4. Confirm the host appears with a green checkmark (online status)
  5. Verify Sensor Version matches your deployed version

Note: It may take 5-10 minutes for a newly installed sensor to appear in the console.

Command-Line Verification

Open Command Prompt as Administrator and run:

sc query csfalconservice

You should see:

  • STATE: RUNNING
  • START_TYPE: AUTO_START

Step 5: Configure Sensor Settings (Optional)

Sensor Update Policy

By default, sensors automatically update to the latest version. To customize:

  1. In the Falcon console, go to Configuration > Sensor Updates
  2. Create or modify your Sensor Update Policy
  3. Assign the policy to appropriate host groups

Prevention Policies

Configure detection and prevention settings:

  1. Navigate to Configuration > Prevention Policies
  2. Select or create a policy for your environment
  3. Configure settings for:
    • Malware Prevention (detect/prevent)
    • Exploit Mitigation
    • Behavioral Prevention
    • Machine Learning Detection

Troubleshooting Common Issues

Sensor Not Appearing in Console

Symptoms: Sensor installed but not visible in Falcon console after 15+ minutes.

Solutions:

  1. Verify internet connectivity
  2. Check Windows Firewall allows outbound HTTPS (443) traffic
  3. Confirm proxy settings if applicable
  4. Review Event Viewer for CrowdStrike errors
  5. Restart the CrowdStrike Falcon service: 
    net stop csfalconservice
net start csfalconservice

Installation Fails

Symptoms: Installer returns an error or fails silently.

Solutions:

  1. Run installer as Administrator
  2. Disable UAC temporarily for deployment
  3. Check system requirements (OS version, available disk space)
  4. Verify no conflicting security software is running
  5. Review C:\\Windows\\Temp\\CSFalcon_*.log for detailed error messages

Service Won't Start

Symptoms: CrowdStrike service shows "Stopped" in Services console.

Solutions:

  1. Check Event Viewer for service startup errors
  2. Verify system date/time is accurate (required for cloud communication)
  3. Ensure sufficient system resources (CPU, memory, disk space)
  4. Try manual service start: 
    net start csfalconservice
  5. If issues persist, collect diagnostic logs and contact CrowdStrike support

Uninstalling the Falcon Sensor

If you need to remove the Falcon sensor:

Interactive Uninstall

  1. Open Settings > Apps > Apps & features
  2. Locate CrowdStrike Falcon Sensor
  3. Click Uninstall
  4. Follow the uninstallation wizard
  5. Restart the computer when prompted

Silent Uninstall

WindowsSensor.exe /uninstall /quiet MAINTENANCE_TOKEN=your_maintenance_token

Important: Uninstallation requires a maintenance token from your Falcon console to prevent unauthorized removal. Obtain this from Host Management > Sensor Downloads > Uninstall Protection.

Next Steps

After successful installation:

  1. Review detections: Monitor the Detections page for security events
  2. Configure policies: Customize prevention and response policies for your environment
  3. Set up dashboards: Create custom dashboards for security monitoring
  4. Enable integrations: Connect Falcon with SIEM, ticketing, or other security tools
  5. Train your team: Ensure IT staff understand how to investigate and respond to Falcon alerts

Additional Resources

Need help with your CrowdStrike deployment? Inventive HQ offers comprehensive CrowdStrike implementation services, from initial deployment to ongoing management and optimization. Contact us for a free consultation.

Frequently Asked Questions

Find answers to common questions

Windows 7 SP1 or later, 1GB RAM minimum (2GB recommended), 500MB free disk space, and an active internet connection for cloud connectivity.

Need Professional Help?

Our team of experts can help you implement and configure these solutions for your organization.

Contact Our TeamView Our Services

Related Articles

CrowdStrike User Roles: Create Custom Roles & Manage Permissions

Create and manage user roles in CrowdStrike Falcon with custom permissions. Step-by-step guide to configure role-based access control (RBAC), assign permissions, and restrict user access to Falcon console features.

Read More →

CrowdStrike Exchange Exclusions | Configure Falcon for Exchange Server

Configure essential CrowdStrike exclusions for Microsoft Exchange Server. Protect database files, transaction logs, and processes to prevent corruption and ensure mail flow.

Read More →

Deploy CrowdStrike Falcon via GPO | Active Directory Guide

Step-by-step guide to deploy CrowdStrike Falcon sensors using Group Policy. Silent installation, startup scripts, troubleshooting tips for AD environments.

Read More →
Back to CrowdStrike