The CrowdStrike Falcon Sensor is an advanced endpoint protection solution that detects and prevents cyber threats in real time. Installing the Falcon Sensor on Windows endpoints ensures they are continuously monitored and protected against malware, ransomware, and other cyber threats.
This guide provides step-by-step instructions for installing the Falcon Sensor on Windows 10, Windows 11, and Windows Server environments.
Requirements
- Administrator privileges on the Windows device.
- CrowdStrike Falcon Sensor download link and Customer ID (CID) from the CrowdStrike Falcon Console.
- Internet access (for cloud-based threat detection).
Step 1: Download the CrowdStrike Falcon Sensor
- Log into the CrowdStrike Falcon Console
- Go to https://falcon.crowdstrike.com and sign in with your admin credentials.
- Navigate to the Sensor Downloads Page
- In the left-hand menu, click Host Setup and Management > Sensor Downloads.
- Download the Windows Sensor
- Select the Windows sensor version and download the installer file (
WindowsSensor.exe).
- Select the Windows sensor version and download the installer file (
Step 2: Install the Falcon Sensor on Windows
Method 1: Install via GUI (Manual Installation)
- Locate the downloaded file (
WindowsSensor.exe). - Right-click on the file and select Run as administrator.
- Follow the on-screen instructions and enter your CID (Customer ID) when prompted.
- Click Install, wait for the installation to complete, and then restart the system if required.
Method 2: Install via Command Line (Silent Installation)
For large deployments, command-line installation is recommended.
- Open PowerShell as Administrator
- Click Start, type PowerShell, right-click it, and select Run as administrator.
- Run the Installation Command (Replace YOUR-CUSTOMER-ID with the CID provided in the Falcon Console.)
WindowsSensor.exe /install /quiet /norestart CID=YOUR-CUSTOMER-ID- Verify the Installation: Run the following command to check the sensor status:
sc query csagentIf installed correctly, you should see STATE: RUNNING in the output.
Step 3: Verify the Falcon Sensor is Running
After installation, confirm that the sensor is active and communicating with the CrowdStrike Falcon Console.
Check Installed Programs
- Open Control Panel > Programs and Features.
- Look for CrowdStrike Falcon Sensor in the list of installed programs.
Check Sensor Status Using Command Prompt
Run the following command to verify that the sensor is installed and running:
sc query csagent
If successful, the service state should be RUNNING.
Step 4: Confirm the Device is Reporting to the Falcon Console
- Log into the CrowdStrike Falcon Console (https://falcon.crowdstrike.com).
- Go to Hosts > Host Management.
- Search for the newly installed device using its hostname or IP address.
- If the sensor is successfully installed and reporting, you will see the device listed as Connected.
📌 Note: It may take a few minutes for the device to appear in the console.
Troubleshooting Installation Issues
1. Installation Fails with “Access Denied”
- Ensure you are running the installer as Administrator.
- Check Windows security policies that may block third-party applications.
2. The Sensor Does Not Appear in the Falcon Console
- Restart the system and wait a few minutes.
- Ensure the endpoint has an internet connection.
- Run the command:powershellCopyEdit
sc query csagentIf it shows STOPPED, restart the service using:powershellCopyEditnet start csagent
3. Firewall or Proxy Issues
- Ensure the Falcon Sensor can communicate with CrowdStrike cloud servers by allowing outbound connections on port 443.
Best Practices
✅ Use deployment tool like Intune, GPO or SCCM for large-scale deployments.
✅ Keep sensors updated to the latest version for optimal protection.
✅ Monitor newly installed endpoints in the Falcon Console to ensure they report correctly.