CrowdStrikeintermediate

4 min read

title: Check CrowdStrike Falcon Sensor Status: Verify Sensor Running (Windows/Mac/Linux) description: Verify CrowdStrike Falcon sensor is running with step-by-step commands for Windows (sc query csagent), Mac (falconctl stats), and Linux (systemctl status falcon-sensor). Check sensor version, service status, and troubleshoot connectivity issues. difficulty: beginner estimatedReadTime: 5 lastUpdated: January 2025 featured: false faqItems:

  • question: >- How can I confirm the CrowdStrike Falcon Sensor is actively reporting to the Falcon Console? answer: >- To verify that the Falcon Sensor is actively reporting, log into the CrowdStrike Falcon Console at https://falcon.crowdstrike.com. Navigate to Hosts > Host Management and search for the hostname or IP address of your endpoint. If the device appears as 'Connected', the sensor is functioning correctly. If not, check your internet connection by pinging ts01-b.cloudsink.net. If the ping fails, investigate your firewall or proxy settings, as they may be blocking communication.
  • question: >- What should I do if the Falcon Sensor is installed but not running on Windows? answer: >- If the Falcon Sensor is installed but not running, open Command Prompt and enter 'sc query csagent' to check its status. If the STATE shows 'STOPPED', restart the service by typing 'net start csagent'. If it continues to fail, review Windows Services for any restrictions or conflicts. Additionally, ensure that your system has the necessary permissions and policies configured to allow the Falcon Sensor to operate without interference.
  • question: How do I troubleshoot a non-responsive Falcon Sensor on macOS? answer: >- If the Falcon Sensor on macOS is unresponsive, first check system permissions by navigating to System Settings > Privacy & Security > Full Disk Access and confirm that CrowdStrike Falcon has access. If permissions are correct, open Terminal and run 'sudo /Applications/Falcon.app/Contents/Resources/falconctl stats' to check operational status. If it shows 'Sensor operational: false', restart the service with 'sudo launchctl load /Library/LaunchDaemons/com.crowdstrike.falcon.Agent.plist'. If issues persist, reboot the device and verify the configurations. heroImage: "https://images.unsplash.com/photo-1515343480029-43cdfe6b6aaf?w=1200&h=630&fit=crop"

Ensuring the CrowdStrike Falcon Sensor is running properly on your endpoints is essential for maintaining security. This guide provides simple verification steps for Windows, macOS, and Linux to confirm that the sensor is installed, active, and communicating with the CrowdStrike Falcon Console.

Checking the Falcon Sensor on Windows

Method 1: Verify via Command Prompt

  1. Open Command Prompt by pressing Win + R, typing cmd, and pressing Enter.
  2. Type sc query csagent and press Enter.
  3. If the STATE shows RUNNING, the Falcon Sensor is active. If it is STOPPED, start it by typing net start csagent and pressing Enter.

Method 2: Verify via Control Panel

  1. Open Control Panel and go to Programs and Features.
  2. Look for CrowdStrike Falcon Sensor in the installed programs list.
  3. If it is listed, the sensor is installed.

Method 3: Check Connection to the Falcon Console

  1. Log into the CrowdStrike Falcon Console at: https://falcon.crowdstrike.com or https://falcon.us-2.crowdstrike.com/ (Varies by tenant).
  2. Click Hosts > Host Management.
  3. Search for the computer name.
  4. If the device appears and shows as Connected, the sensor is functioning properly.

Checking the Falcon Sensor on macOS

Method 1: Verify via Terminal

  1. Open Terminal (Command + Space, type “Terminal”, and press Enter).
  2. Type sudo /Applications/Falcon.app/Contents/Resources/falconctl stats and press Enter.
  3. Look for the message “Sensor operational: true”.
  4. If the sensor is not running, restart it by typing sudo launchctl load /Library/LaunchDaemons/com.crowdstrike.falcon.Agent.plist and pressing Enter.

Method 2: Check Falcon Sensor in System Preferences

  1. Open System Settings (or System Preferences on older macOS versions).
  2. Go to Privacy & Security > Full Disk Access.
  3. Ensure CrowdStrike Falcon Sensor has the required permissions.

Method 3: Check Connection to the Falcon Console

  1. Log into the Falcon Console at https://falcon.crowdstrike.com.
  2. Click Hosts > Host Management.
  3. Search for your Mac’s hostname or serial number.
  4. If the device appears as Connected, the Falcon Sensor is working.

Checking the Falcon Sensor on Linux

Method 1: Verify the Sensor Service

  1. Open Terminal.
  2. Type sudo systemctl status falcon-sensor and press Enter.
  3. If the output shows Active (running), the sensor is operational.
  4. If the sensor is not running, start it by typing sudo systemctl start falcon-sensor and pressing Enter.

Method 2: Check Sensor Version and Status

  1. Open Terminal.
  2. Type sudo falconctl stats and press Enter.
  3. Look for the message “Sensor operational: true”.

Method 3: Verify Connection to Falcon Console

  1. Log into the Falcon Console at https://falcon.crowdstrike.com.
  2. Click Hosts > Host Management.
  3. Search for the hostname or IP address of your Linux machine.
  4. If the device appears as Connected, the Falcon Sensor is working properly.

Troubleshooting Sensor Issues

1. Sensor is Installed but Not Running

  • Restart the system and run the verification steps again.
  • Check Windows Services, macOS System Extensions, or Linux systemctl logs to ensure the service is not blocked.

2. Sensor Not Reporting to the Falcon Console

  • Ensure the endpoint has an active internet connection.
  • Type ping ts01-b.cloudsink.net in Command Prompt or Terminal and check if it responds. If the ping fails, check firewall or proxy settings.

3. Service Fails to Start

  • On Windows, type net start csagent in Command Prompt.
  • On macOS, type sudo launchctl load /Library/LaunchDaemons/com.crowdstrike.falcon.Agent.plist in Terminal.
  • On Linux, type sudo systemctl restart falcon-sensor in Terminal.

Need Professional Help?

Our team of experts can help you implement and configure these solutions for your organization.

Contact Our TeamView Our Services

Related Articles

Read More →

CrowdStrike Exchange Exclusions | Configure Falcon for Exchange Server

Configure essential CrowdStrike exclusions for Microsoft Exchange Server. Protect database files, transaction logs, and processes to prevent corruption and ensure mail flow.

Read More →

Deploy CrowdStrike Falcon via GPO | Active Directory Guide

Step-by-step guide to deploy CrowdStrike Falcon sensors using Group Policy. Silent installation, startup scripts, troubleshooting tips for AD environments.

Read More →
Back to CrowdStrike