What are sensor update exclusions in CrowdStrike?

Sensor update exclusions are scheduled time blocks during which CrowdStrike cloud updates are blocked for hosts in a sensor update policy. This prevents sensor updates from occurring during maintenance windows, critical business hours, or other periods where you don't want system changes. Exclusions apply to sensor cloud updates and policy assignments.

How long can a sensor update exclusion window be?

Sensor update exclusion windows must be at least one hour long and can extend up to a full calendar day (24 hours) by selecting the 'All day' option. Time blocks must be at least one hour apart from each other. You can create one time block per day of the week, allowing for complex weekly schedules.

What time zone do CrowdStrike update exclusions use?

When configuring exclusion time blocks, you select a specific time zone. The exclusion applies at the specified times in that selected time zone, regardless of where the hosts are physically located. For example, a 04:00-06:00 exclusion in UTC+10:00 applies at those times in UTC+10:00, not in each host's local time.

Can I block sensor updates for an entire day?

Yes, you can select the 'All day' option when creating a time block to block sensor updates for an entire calendar day. However, be cautious with all-day blocks as they can prevent hosts that are only online during those times from ever receiving updates.

What happens if I block too many hours per week?

Creating overly restrictive exclusion schedules can prevent sensors from receiving updates. Hosts that are only online during excluded hours won't receive updates. VMs and laptops that are periodically online are especially at risk. The Falcon Console shows your 'Total blocked duration' per week to help you avoid this issue.

Do existing time blocks remain when I disable scheduled exclusions?

Yes, when you disable 'Enable sensor update schedule', existing time blocks are preserved but ignored. Sensor cloud updates proceed regardless of the time blocks. You can re-enable the schedule later without recreating your time blocks.

How to Schedule CrowdStrike Falcon Sensor Update Exclusions (Block Update Windows)

Sensor update exclusions let you schedule time blocks during which CrowdStrike cloud updates are blocked. This prevents sensor updates during maintenance windows, critical business operations, or other times when you don't want system changes.

Understanding Update Exclusions

Scheduled exclusions prevent:

Sensor cloud updates from being pushed to hosts
Policy assignments from taking effect
Policy changes from being applied to already-assigned hosts

Use cases

Protect maintenance windows from sensor updates
Avoid updates during peak business hours
Coordinate sensor updates with change management processes

Enabling Scheduled Exclusions

Go to Host Setup and Management > Deploy > Sensor Update Policies
Select Your Policy
Create a new policy or select an existing one
Enable the Schedule
Click the Sensor Update Schedule tab
Select Enable sensor update schedule
Create Time Blocks
Add at least one time block (see below)

Adding a Time Block

Default is your browser's time zone
Exclusion applies at the specified times in this zone, regardless of host location
Select the day from the dropdown menu
Only one time block allowed per day of the week
Set the duration:
For partial day: Select Start time and End time (minimum 1 hour)
For full day: Select All day
Click Add time block
Click Save, then confirm

Time Block Rules

Rule	Requirement
Minimum duration	1 hour
Maximum duration	24 hours (All day)
Blocks per day	1 maximum
Spacing between blocks	At least 1 hour apart

Example Schedules

Business Hours Protection

Block updates during core business hours:

Monday-Friday: 08:00 - 18:00 (local time zone)
Saturday-Sunday: No exclusions (updates allowed)

Maintenance Window Protection

Block updates during scheduled maintenance:

Sunday: 02:00 - 06:00 (maintenance window)
All other days: No exclusions

Weekend Updates Only

Only allow updates on weekends:

Monday-Friday: All day exclusion
Saturday-Sunday: No exclusions

Editing a Time Block

- Go to the **Sensor Update Schedule** tab of your policy - Click the **Edit** button next to the time block - Make your changes - Click **Add time block** - Click **Save**, then confirm

Deleting a Time Block

- Go to the **Sensor Update Schedule** tab - Click the **Delete** button next to the time block - Click **Remove**

Note: If you delete all time blocks, you must deselect "Enable sensor update schedule" before saving.

Disabling Scheduled Exclusions

- Open your sensor update policy - Click the **Sensor Update Schedule** tab - Deselect **Enable sensor update schedule** - Click **Save**, then confirm

When disabled, existing time blocks remain configured but are ignored. Updates proceed normally.

Viewing Your Schedule

The Sensor Update Schedule tab displays:

A weekly chart showing all scheduled exclusions
Hover over each day's bar to see exact times
Total blocked duration per week

Monitor the total blocked duration to ensure hosts have adequate time to receive updates.

Important Considerations

Hosts Must Be Online

Hosts can only receive sensor updates when they're online. Be careful not to exclude the only times certain hosts are online:

VMs: May only run during business hours
Laptops: May only connect during work hours
Remote workers: May have limited online windows

Policy Changes During Exclusions

Changes made to a sensor update policy during an exclusion window won't appear in the Host Management table until the exclusion period ends and the updated policy is applied.

Throttling Impact

Combining update exclusions with sensor update throttling can result in some hosts not receiving updates. Ensure adequate update windows remain available.

Best Practices

Monitor blocked duration: Keep total weekly blocked hours reasonable
Consider all host types: VMs and laptops have limited online time
Coordinate with throttling: Don't combine restrictive exclusions with low throttle rates
Test first: Validate exclusion schedules in test policies
Document schedules: Maintain records of exclusion windows and their purposes

How to Schedule CrowdStrike Falcon Sensor Update Exclusions (Block Update Windows)

Understanding Update Exclusions

Use cases

Enabling Scheduled Exclusions

Adding a Time Block

Time Block Rules

Example Schedules

Business Hours Protection

Maintenance Window Protection

Weekend Updates Only

Editing a Time Block

Deleting a Time Block

Disabling Scheduled Exclusions

Viewing Your Schedule

Important Considerations

Hosts Must Be Online

Policy Changes During Exclusions

Throttling Impact

Best Practices

Frequently Asked Questions

Need Expert CrowdStrike Management?

CrowdStrike User Roles: Create Custom Roles & Manage Permissions

CrowdStrike Exchange Exclusions | Configure Falcon for Exchange Server

Deploy CrowdStrike Falcon via GPO | Active Directory Guide

How to Schedule CrowdStrike Falcon Sensor Update Exclusions (Block Update Windows)

Understanding Update Exclusions

Use cases

Enabling Scheduled Exclusions

Adding a Time Block

Time Block Rules

Example Schedules

Business Hours Protection

Maintenance Window Protection

Weekend Updates Only

Editing a Time Block

Deleting a Time Block

Disabling Scheduled Exclusions

Viewing Your Schedule

Important Considerations

Hosts Must Be Online

Policy Changes During Exclusions

Throttling Impact

Best Practices

Related Articles

Frequently Asked Questions

Need Expert CrowdStrike Management?

Related Articles

CrowdStrike User Roles: Create Custom Roles & Manage Permissions

CrowdStrike Exchange Exclusions | Configure Falcon for Exchange Server

Deploy CrowdStrike Falcon via GPO | Active Directory Guide