As soon as a CrowdStrike Sensor is installed on endpoints, it actively scans for threats without the user scheduling or starting a scan. The safest method is to set up exclusions and assign a policy to endpoints BEFORE installing the agent.
NOTE: While we update this guide from time to time, we cannot guarantee compatibility as Antivirus software companies may make changes without informing us. Be sure to re-enable any antivirus settings that you disable during this process once the exclusions have been set.
- Find your company’s Veriato Vision installation folder.
- Open a browser and log in to your Veriato Vision account at https://app.veriatocloud.com/.
- Go to the Admin | Company Account page.
- Under Antivirus Exclusions note the Windows folder to exclude. For example:
C:\Windows\SysWOW64\yyyxxxx
- In addition, note the Hotkey Sequence you will need to test the agent after installation.
- Set up a Host Group and assign a CrowdStrike Firewall policy to endpoints.
Open a browser and log in to the CrowdStrike Console.
Click the top-left menu icon to open the sidebar menu.
Select Endpoint Security > Firewall > Policies > Windows Policies.
Create a new policy to assign to a Group of hosts or All Hosts where Veriato Vision will be installed.
- Edit the new Firewall Policy to allow inbound and outbound traffic.
This allows communication between the endpoint devices and the Veriato Vision server.
- Navigate to Exclusions.
Select Endpoint Security > Configure > Exclusions.
- Add a Machine Learning Exclusion for your Veriato Vision folder.
Under Machine Learning Exclusions, press Create exclusion. Choose your Group or All hosts.
Press Next.
- Configure the exclusion.
Check both Detections and preventions and Uploads to CrowdStrike so that the folder is excluded from each.
Enter your unique folder name, for example:
Windows\SysWOW64\yyyxxxx\**
Do not use a drive letter or an initial slash. The ** wildcard recursively matches any number of characters in the named directory and all subdirectories.
Press Create Exclusion.
- Add the same exclusion to Sensor Visibility Exclusions.
Under Sensor Visibility Exclusions, press Create exclusion, choose hosts to target, and press Next to enter the folder name as you did before:
Press Create Exclusion.
The Veriato Vision folder is now excluded from CrowdStrike's Machine Learning and Sensor Visibility. It should be safe to install the agent.
- Download and install the Veriato Vision agent.
Once the policy is set, you should be able to download and install the agent without interference from CrowdStrike.
- In the Veriato Vision app, select Admin | Download Agents, choose Windows, and generate and download the .exe ("Silent Installer") file.
- Run the downloaded *.exe file as Administrator on the Windows device you wish to monitor.
- Restart the machine to complete the install process.
- Test the installation.
Because the install is completely silent, after a few minutes, enter the hotkey sequence (found on the Admin | Company Account page) to make sure the agent is installed. If the password prompt appears, you know it has been installed.
Enter your login account password and press OK to open the Status panel. All recording is OFF at this point because the agent will not record until a licensed user logs in.
- Check for data uploaded.
After the user has logged in and received a license, check the Veriato Vision app to make sure user activity is being uploaded from the device.
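
The folder-name rule used for the Machine Learning and Sensor Visibility exclusions above (no drive letter, no initial slash, a trailing \** for recursion) can be checked before the value is pasted into the console. The Python helper below is an added example, not Veriato or CrowdStrike code; the function name and the minimum-depth guard are assumptions of the example.

```python
# Added example: builds the exclusion pattern from the folder noted under
# Antivirus Exclusions. Function name and depth guard are assumptions.

# Refuse folders shallower than this so a typo cannot exclude a whole system
# directory such as Windows\SysWOW64 (a guard of this example, not a
# CrowdStrike rule).
MIN_COMPONENTS = 3


def to_exclusion_pattern(folder: str) -> str:
    """Return the folder in the form 'Windows\\SysWOW64\\<name>\\**'."""
    path = folder.strip().replace("/", "\\")
    if path.startswith("\\\\"):
        raise ValueError("UNC paths are outside the scope of this example")
    # Drop a drive letter such as "C:" and any initial or trailing slash.
    if len(path) >= 2 and path[0].isalpha() and path[1] == ":":
        path = path[2:]
    path = path.strip("\\")
    # Drop a recursive wildcard that is already present; it is re-added once.
    if path.endswith("\\**"):
        path = path[:-3].rstrip("\\")
    # Any other wildcard or reserved character is treated as a mistake here.
    if any(ch in path for ch in '*?:"<>|'):
        raise ValueError(f"unexpected character in folder name: {folder!r}")
    parts = [p for p in path.split("\\") if p]
    if len(parts) < MIN_COMPONENTS:
        raise ValueError(
            f"exclusion too broad ({len(parts)} components): {folder!r}"
        )
    return "\\".join(parts) + "\\**"


if __name__ == "__main__":
    # Constructed sample values using the guide's placeholder folder name.
    for sample in (r"C:\Windows\SysWOW64\yyyxxxx",
                   r"Windows\SysWOW64\yyyxxxx\**"):
        print(to_exclusion_pattern(sample))
```

Enter the same returned value in both exclusion dialogs so the Machine Learning and Sensor Visibility entries cover exactly the same folder.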
Updated: 10/07/2022