CrowdStrikebeginner

Check CrowdStrike Falcon Sensor Status: Verify Sensor Running (Windows/Mac/Linux)

Verify CrowdStrike Falcon sensor is running with step-by-step commands for Windows (sc query csagent), Mac (falconctl stats), and Linux (systemctl status falcon-sensor). Check sensor version, service status, and troubleshoot connectivity issues.

5 min readUpdated January 2025

Ensuring the **CrowdStrike Falcon Sensor** is running properly on your endpoints is essential for maintaining security. This guide provides **simple verification steps** for Windows, macOS, and Linux to confirm that the sensor is **installed, active, and communicating with the CrowdStrike Falcon Console**.

---

Checking the Falcon Sensor on Windows

Method 1: Verify via Command Prompt

    - Open Command Prompt by pressing **Win + R**, typing cmd, and pressing **Enter**. - Type sc query csagent and press **Enter**. - If the **STATE** shows RUNNING, the Falcon Sensor is active. If it is **STOPPED**, start it by typing net start csagent and pressing **Enter**.
### **Method 2: Verify via Control Panel**
    - Open **Control Panel** and go to **Programs and Features**. - Look for **CrowdStrike Falcon Sensor** in the installed programs list. - If it is listed, the sensor is installed.
### **Method 3: Check Connection to the Falcon Console**
    - Log into the **CrowdStrike Falcon Console** at: [https://falcon.crowdstrike.com](https://falcon.crowdstrike.com/) or [https://falcon.us-2.crowdstrike.com/](https://falcon.us-2.crowdstrike.com/) (Varies by tenant). - Click **Hosts** > **Host Management**. - Search for the **computer name**. - If the device appears and shows as **Connected**, the sensor is functioning properly.
---

Checking the Falcon Sensor on macOS

Method 1: Verify via Terminal

    - Open **Terminal** (Command + Space, type “Terminal”, and press **Enter**). - Type sudo /Applications/Falcon.app/Contents/Resources/falconctl stats and press **Enter**. - Look for the message **“Sensor operational: true”**. - If the sensor is not running, restart it by typing sudo launchctl load /Library/LaunchDaemons/com.crowdstrike.falcon.Agent.plist and pressing **Enter**.
### **Method 2: Check Falcon Sensor in System Preferences**
    - Open **System Settings** (or **System Preferences** on older macOS versions). - Go to **Privacy & Security** > **Full Disk Access**. - Ensure **CrowdStrike Falcon Sensor** has the required permissions.
### **Method 3: Check Connection to the Falcon Console**
    - Log into the **Falcon Console** at [https://falcon.crowdstrike.com](https://falcon.crowdstrike.com/). - Click **Hosts** > **Host Management**. - Search for your Mac’s **hostname** or **serial number**. - If the device appears as **Connected**, the Falcon Sensor is working.
---

Checking the Falcon Sensor on Linux

Method 1: Verify the Sensor Service

    - Open **Terminal**. - Type sudo systemctl status falcon-sensor and press **Enter**. - If the output shows **Active (running)**, the sensor is operational. - If the sensor is not running, start it by typing sudo systemctl start falcon-sensor and pressing **Enter**.
### **Method 2: Check Sensor Version and Status**
    - Open **Terminal**. - Type sudo falconctl stats and press **Enter**. - Look for the message **“Sensor operational: true”**.
### **Method 3: Verify Connection to Falcon Console**
    - Log into the **Falcon Console** at [https://falcon.crowdstrike.com](https://falcon.crowdstrike.com/). - Click **Hosts** > **Host Management**. - Search for the **hostname or IP address** of your Linux machine. - If the device appears as **Connected**, the Falcon Sensor is working properly.
---

Troubleshooting Sensor Issues

1. Sensor is Installed but Not Running

  • Restart the system and run the verification steps again.
  • Check Windows Services, macOS System Extensions, or Linux systemctl logs to ensure the service is not blocked.

2. Sensor Not Reporting to the Falcon Console

  • Ensure the endpoint has an active internet connection.
  • Type ping ts01-b.cloudsink.net in Command Prompt or Terminal and check if it responds. If the ping fails, check firewall or proxy settings.

3. Service Fails to Start

  • On Windows, type net start csagent in Command Prompt.
  • On macOS, type sudo launchctl load /Library/LaunchDaemons/com.crowdstrike.falcon.Agent.plist in Terminal.
  • On Linux, type sudo systemctl restart falcon-sensor in Terminal.

Frequently Asked Questions

Find answers to common questions

To verify that the Falcon Sensor is actively reporting, log into the CrowdStrike Falcon Console at https://falcon.crowdstrike.com. Navigate to Hosts > Host Management and search for the hostname or IP address of your endpoint. If the device appears as 'Connected', the sensor is functioning correctly. If not, check your internet connection by pinging ts01-b.cloudsink.net. If the ping fails, investigate your firewall or proxy settings, as they may be blocking communication.

Need Expert CrowdStrike Management?

Our team manages CrowdStrike deployments for businesses like yours. Get 24/7 threat detection and response with expert oversight.

Learn About 24/7 Detection & ResponseExplore Vulnerability Management

Related Articles

CrowdStrike User Roles: Create Custom Roles & Manage Permissions

Create and manage user roles in CrowdStrike Falcon. Configure RBAC, assign permissions, and restrict console access.

Read More →

CrowdStrike Exchange Exclusions | Configure Falcon for Exchange Server

Configure CrowdStrike exclusions for Exchange Server. Protect database files, logs, and processes to ensure mail flow.

Read More →

Deploy CrowdStrike Falcon via GPO | Active Directory Guide

Step-by-step guide to deploy CrowdStrike Falcon sensors using Group Policy. Silent installation, startup scripts, troubleshooting tips for AD environments.

Read More →
Back to CrowdStrike