Skip to main content
CrowdStrikebeginner

How to Install CrowdStrike Falcon Sensor on Windows 10/11 & Server (2025 Guide)

Deploy CrowdStrike Falcon on Windows 10, 11, and Server with our 2025 guide. Covers GUI and silent installation, verification, and enterprise deployment best practices.

5 min readUpdated January 2026

The CrowdStrike Falcon Sensor is an advanced endpoint protection solution that detects and prevents cyber threats in real time. Installing the Falcon Sensor on Windows endpoints ensures they are continuously monitored and protected against malware, ransomware, and other cyber threats.

CrowdStrike Falcon Command Builder

Generate CrowdStrike Falcon sensor commands for Windows, macOS, and Linux: install with CID and provisioning tokens, uninstall with a maintenance token, verify the sensor is running, configure proxies, and set grouping tags.

Open the full CrowdStrike Falcon Command Builder
Loading interactive tool...

Want us to handle this for you?

Get expert help →

This guide provides step-by-step instructions for installing the Falcon Sensor on Windows 10, Windows 11, and Windows Server environments.

Requirements

  • Administrator privileges on the Windows device.
  • CrowdStrike Falcon Sensor download link and Customer ID (CID) from the CrowdStrike Falcon Console.
  • Internet access (for cloud-based threat detection).

Step 1: Download the CrowdStrike Falcon Sensor

  1. Log into the CrowdStrike Falcon Console

  2. Open a browser and go to the CrowdStrike console. There are two possibilities (Will depend on your tenant):

  3. https://falcon.crowdstrike.com.

  4. https://falcon.us-2.crowdstrike.com/

  5. Sign in using your admin credentials

  6. Navigate to the Sensor Downloads Page

  7. In the left-hand menu, click Host Setup and Management > Sensor Downloads.

  8. Download the Windows Sensor

  9. Select the Windows sensor version and download the installer file (WindowsSensor.exe).

Step 2: Install the Falcon Sensor on Windows

Method 1: Install via GUI (Manual Installation)

  1. Locate the downloaded file (WindowsSensor.exe).
  2. Right-click on the file and select Run as administrator.
  3. Follow the on-screen instructions and enter your CID (Customer ID) when prompted.
  4. Click Install, wait for the installation to complete, and then restart the system if required.

Method 2: Install via Command Line (Silent Installation)

For large deployments, command-line installation is recommended.

  1. Open PowerShell as Administrator

  2. Click Start, type PowerShell, right-click it, and select Run as administrator.

  3. Run the Installation Command (Replace YOUR-CUSTOMER-ID with the CID provided in the Falcon Console.)

WindowsSensor.exe /install /quiet /norestart CID=YOUR-CUSTOMER-ID
  1. Verify the Installation: Run the following command to check the sensor status:
sc query csagent

If installed correctly, you should see STATE: RUNNING in the output.

Step 3: Verify the Falcon Sensor is Running

After installation, confirm that the sensor is active and communicating with the CrowdStrike Falcon Console.

Check Installed Programs

  1. Open Control Panel > Programs and Features.
  2. Look for CrowdStrike Falcon Sensor in the list of installed programs.

Check Sensor Status Using Command Prompt

Run the following command to verify that the sensor is installed and running:

sc query csagent

If successful, the service state should be RUNNING.

Step 4: Confirm the Device is Reporting to the Falcon Console

  1. Log into the CrowdStrike Falcon Console (https://falcon.crowdstrike.com).
  2. Go to Hosts > Host Management.
  3. Search for the newly installed device using its hostname or IP address.
  4. If the sensor is successfully installed and reporting, you will see the device listed as Connected.

📌 Note: It may take a few minutes for the device to appear in the console.

Troubleshooting Installation Issues

1. Installation Fails with “Access Denied”

  • Ensure you are running the installer as Administrator.
  • Check Windows security policies that may block third-party applications.

2. The Sensor Does Not Appear in the Falcon Console

  • Restart the system and wait a few minutes.

  • Ensure the endpoint has an internet connection.

  • Run the command:

    sc query csagent

    If it shows STOPPED, restart the service using:

    net start csagent

3. Firewall or Proxy Issues

  • Ensure the Falcon Sensor can communicate with CrowdStrike cloud servers by allowing outbound connections on port 443.

Best Practices

  • Use deployment tool like Intune, GPO or SCCM for large-scale deployments.
  • Keep sensors updated to the latest version for optimal protection.
  • Monitor newly installed endpoints in the Falcon Console to ensure they report correctly.
Free Download

Migrating Endpoint Protection? Don’t Wing It.

Get the step-by-step decommission checklist and PowerShell scripts for safely removing legacy EDR/AV agents.

EDR Decommission ToolkitChecklist + 4 PowerShell scripts for safe agent removal

No spam. Unsubscribe anytime.

Frequently Asked Questions

Find answers to common questions

To install the CrowdStrike Falcon Sensor on Windows, you need administrator privileges on the device, access to the CrowdStrike Falcon Console for the Customer ID (CID), and a stable internet connection for cloud communication. Verify compatibility with supported Windows versions, including Windows 10, Windows 11, and various Windows Server editions. Temporarily disable any conflicting endpoint security solutions and check that system policies, such as Windows Defender Application Control or third-party whitelisting, do not block the installation.

If the CrowdStrike Falcon Sensor does not appear in the Falcon Console after installation, first verify the installation by checking the Control Panel under 'Programs and Features' for 'CrowdStrike Falcon Sensor' and ensuring the service is running. Use the command prompt with sc query csagent to check the service status; if 'STOPPED', restart it with net start csagent. Ensure the endpoint has internet connectivity and that firewall settings allow outbound connections on port 443. If the sensor is installed correctly but still not visible, restart the system and allow a few minutes for registration. Review installation logs for any error messages if issues persist.

To perform a silent installation of the CrowdStrike Falcon Sensor, download 'WindowsSensor.exe' and open PowerShell as Administrator. Navigate to the installation file's directory and execute: WindowsSensor.exe /install /quiet /norestart CID=YOUR-CUSTOMER-ID, replacing 'YOUR-CUSTOMER-ID' with your actual CID from the CrowdStrike Falcon Console. The /quiet option suppresses user interaction, while /norestart prevents automatic reboots. This method is ideal for large-scale deployments using tools like Microsoft Intune, Group Policy Objects (GPO), or SCCM.

For large-scale deployments, use automation tools like Microsoft Intune, Group Policy Objects (GPO), or SCCM to ensure consistent installations across all endpoints. Track sensor versions to maintain updates, as running outdated versions can expose vulnerabilities. Regularly monitor endpoints in the Falcon Console to confirm they are reporting correctly, and establish a maintenance process to address any sensor status discrepancies promptly. Document your deployment procedures and maintain an inventory of all protected endpoints.

To uninstall CrowdStrike Falcon Sensor from Windows, you need the maintenance token from the Falcon Console. Open Control Panel > Programs and Features, select CrowdStrike Falcon Sensor, and click Uninstall. When prompted, enter the maintenance token. Alternatively, use the command line: WindowsSensor.exe /uninstall /quiet MAINTENANCE_TOKEN=YourToken. Without the maintenance token, uninstallation will fail - this is a security feature to prevent unauthorized removal. See our detailed CrowdStrike uninstall guide for step-by-step instructions.

Your CrowdStrike Customer ID (CID) is found in the Falcon Console. Log in at falcon.crowdstrike.com or falcon.us-2.crowdstrike.com, navigate to Host Setup and Management > Sensor Downloads. The CID is displayed on the downloads page, often with a checksum included. Copy only the CID portion (format: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-XX) for installation commands.

CrowdStrike Falcon Sensor is designed for minimal system impact. It uses approximately 1-2% CPU during normal operation and around 40-100MB RAM. The lightweight sensor sends telemetry to the cloud for analysis rather than performing resource-intensive local processing. Most users report no noticeable performance degradation. If you experience slowdowns, check the Falcon Console for sensor health issues or conflicting security software. Learn more about what CrowdStrike does and how it protects endpoints.

Need help shipping something?

Productized MVP development for founders. 9 SaaS apps shipped — yours could be next, in 6 weeks.

Learn About Secure MVPExplore Custom Software Development

Related Articles

CrowdStrike Falcon RBAC Guide: User Roles, Permissions & Least Privilege Access

Complete guide to CrowdStrike Falcon RBAC and user permissions. Configure least privilege access, create SOC analyst roles, manage admin permissions, and troubleshoot access issues.

Read More →

CrowdStrike Exchange Exclusions | Configure Falcon for Exchange Server

Configure CrowdStrike exclusions for Exchange Server. Protect database files, logs, and processes to ensure mail flow.

Read More →

Deploy CrowdStrike Falcon via GPO | Active Directory Guide

Step-by-step guide to deploy CrowdStrike Falcon sensors using Group Policy. Silent installation, startup scripts, troubleshooting tips for AD environments.

Read More →

Related Tools

Free tools to help you implement what you learned

EDR Needs Assessment

Evaluate your endpoint detection and response requirements

Try it free →

MITRE ATT&CK Explorer

Map threats to the MITRE ATT&CK framework

Try it free →

Incident Response Playbook

Generate customized IR playbooks for your organization

Try it free →
Back to CrowdStrike