Re: ESAP 3.9.9 - Crowdstrike fails compliance

NetworkBod · ‎05-11-2022

Just a note incase anyone else uses Crowdstrike, i attempted to update to ESAP 3.9.9 and compliance started to fail stating "Crowdstrike Falcon 6.37.15103.0 does not comply with Policy. Compliance requires real time protection enabled." even though Crowdstrike was running locally all ok. I rolled back to 3.9.5 to fix. I also had to uninstall / reinstall the Pulse client from my test laptop as i presume ESAP 3.9.9 updated something locally.

I've raised a case so hopefully sorted in next release. thanks.

zanyterp · ‎05-11-2022

thank you for raising a case for us to check on this
what pcs release are you using? i believe that particular software may require both esap 3.9.9 and pcs 9.1r15

NetworkBod · ‎05-12-2022

@zanyterp Hi, Yeah i had just updated to 9.1R15 tested access and all ok, then updated ESAP to 3.9.9 which is when Crowdstrike started to fail compliance. Rolled back to our previous version ESAP 3.9.5 and that works fine. Your support have pended the case as want logs etc but difficult for me to obtain as other work going on so i wont be able to reenable 3.9.9 to test futher for a couple weeks.

Be useful to know if anyone else in the community here is using Crowdstrike and have had the same issue with ESAP 3.9.9 or not. Thanks.

zanyterp · ‎05-12-2022

thank you for the update; i am sorry to hear that it is 3.9.9 specific
thank you for your help and apologies for the bother