Scribd
Upload
3K views3 pages

On-Demand Scanning End User Guide

This document provides guidance on using CrowdStrike Falcon malware scanning on Windows computers. It describes how to run scans on specific files/folders, drives, or the system drive. It also explains how to view scan status/results and quarantined files. Scans check for malware in portable executable files on local storage and can be initiated on-demand by users or automatically.

Uploaded by

TTS
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
3K views3 pages

On-Demand Scanning End User Guide

This document provides guidance on using CrowdStrike Falcon malware scanning on Windows computers. It describes how to run scans on specific files/folders, drives, or the system drive. It also explains how to view scan status/results and quarantined files. Scans check for malware in portable executable files on local storage and can be initiated on-demand by users or automatically.

Uploaded by

TTS
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

02/06/2023, 23:37 On-Demand Scanning End User Guide | On-Demand Scanning | Endpoint Security | Documentation | Support and resources

rt and resources | Falcon

CrowdStrike Falcon Malware Scanning User Guide


Last updated: May 10, 2023

Contents:
Understanding CrowdStrike Falcon malware scanning
Quarantined files

Running and managing scans


Get to the CrowdStrike Falcon malware scanning menu
Scan a specific file or folder
Scan the full system drive
Scan all local drives
Pause or resume a scan
Stop a scan

Viewing scan status and results


View scan status
View scan results
CrowdStrike Falcon malware scanning field reference

This guide is for end users who want to run CrowdStrike Falcon malware scans on their local Windows computers.

Understanding CrowdStrike Falcon malware scanning


CrowdStrike Falcon malware scanning can detect and quarantine portable executable (PE) files that contain dormant malware before they execute.

When you initiate a CrowdStrike Falcon malware scan, it runs immediately on your local Windows computer. For example, you might want to run a malware scan after
you’ve downloaded new files on your computer, or when you’ve noticed unusual behavior on your computer.

You can run a scan on a selected file or folder, the full system drive, or all drives on your computer. Subfolders are automatically included in scans.

Only PE files, such as .exe and .dll files, can be scanned. Additionally, only files saved locally are scanned. Examples of scannable files include files on your
computer’s hard drive, or files on a USB storage device or SAN drive that’s attached to your computer. Network drives, mapped network shares, and cloud storage
drives are skipped during scanning.

Depending on how your CrowdStrike Falcon administrator has configured scanning, scans might also be initiated by your administrator or through an automated
trigger. For example, a scan might automatically start whenever you insert a USB storage device into your computer.

Depending on how your CrowdStrike Falcon administrator has configured scanning, temporary status notifications might appear during and after the scanning
process.

Quarantined files
Depending on how your CrowdStrike Falcon administrator has configured scanning, malicious files might be quarantined during a scan.

Files that were quarantined from a USB device and then subsequently released by your administrator are added to C:\ProgramData\CrowdStrike on your
computer.

Running and managing scans

Get to the CrowdStrike Falcon malware scanning menu


The CrowdStrike Falcon malware scanning menu is where you can start, pause, resume, or stop a scan, and where you can view the results of a scan. The available
menu selections vary depending on the context and status of a scan.

https://falcon.us-2.crowdstrike.com/documentation/297/windows-on-demand-scanning-end-user 1/3
02/06/2023, 23:37 On-Demand Scanning End User Guide | On-Demand Scanning | Endpoint Security | Documentation | Support and resources | Falcon

On your local computer, right-click your Windows desktop or a specific file or folder, and then select CrowdStrike Falcon malware scan. A menu shows the
available scanning options.

Scan a specific file or folder


Initiate a CrowdStrike Falcon malware scan of a specific file or folder on your local computer.

On your local computer, right-click the file or folder that you want to scan, and then select CrowdStrike Falcon malware scan > Scan. The scan begins
running.

For info about viewing scan results, see Viewing scan status and results.

Scan the full system drive


Initiate a CrowdStrike Falcon malware scan of the full system drive (for example, the C: drive) on your local computer.

On your local computer, right-click the Windows desktop, and then select CrowdStrike Falcon malware scan > Scan system drive. The scan begins running.

For info about viewing scan results, see Viewing scan status and results.

Scan all local drives


Initiate a CrowdStrike Falcon malware scan of all drives on your local computer.

On your local computer, right-click the Windows desktop, and then select CrowdStrike Falcon malware scan > Scan all drives. The scan begins running.

For info about viewing scan results, see Viewing scan status and results.

Pause or resume a scan


Pause or resume a currently running scan that was initiated by your CrowdStrike Falcon administrator or by another method.

Note: If your CrowdStrike Falcon administrator configured a maximum pause duration, the scan automatically resumes after the maximum pause time has elapsed.

On your local computer, right-click the Windows desktop, and then select CrowdStrike Falcon malware scan (in progress) > Pause scan or CrowdStrike
Falcon malware scan (in progress) > Resume scan.

Stop a scan
Stop a scan that you initiated before it finishes running. You cannot restart a stopped scan.

Note: You can stop scans that you initiated. However, you cannot stop scans that were initiated by your CrowdStrike Falcon administrator or by another method.

On your local computer, right-click the Windows desktop, and then select CrowdStrike Falcon malware scan (in progress) > Stop scan. The scan stops
running.

Viewing scan status and results

View scan status


Depending on how your CrowdStrike Falcon administrator has configured scanning, temporary status notifications might appear during and after the scanning
process.

View scan results


View the results of CrowdStrike Falcon malware scans that have run on your local computer, including info about any files that were quarantined. For more info about
quarantined files, see Quarantined files.

Scan results are purged after your computer reboots.

https://falcon.us-2.crowdstrike.com/documentation/297/windows-on-demand-scanning-end-user 2/3
02/06/2023, 23:37 On-Demand Scanning End User Guide | On-Demand Scanning | Endpoint Security | Documentation | Support and resources | Falcon

Because not all file types are scanned, the reported number of files scanned might differ from the total file count in the scan results.

On the local computer, right-click the Windows desktop, and then select CrowdStrike Falcon malware scan > See results of last scan. The scan results
appear.

CrowdStrike Falcon malware scanning field reference


These fields might appear when you’re viewing scan status notifications or scan results. The exact fields shown depend on the specific notification or scan type.

Field Description

Scan ID The unique identifier for the scan

Status The current status of the scan

Initiated from The event or entity that triggered the scan

Start time The date and time when the scan started, in the local computer’s time zone

End time The date and time when the scan stopped, in the local computer’s time zone

The total number of portable executable files that were scanned


Scanned files
Note: Only PE files, such as .exe and .dll files, are scanned.

Traversed files The total number of files that were traversed in the specified file paths, including files that were skipped during scanning

Unsupported files The number of files that were traversed but not scanned

The total number of files in the selected folders or drives, including scanned files, unsupported files that were skipped, and files that were
Total seen files
explicitly excluded from scanning by your Falcon administrator

Suspicious file
The number of scanned PE files that contained malware
count

Root scan path The top-level path that was scanned

Suspicious files The path for each scanned file that contained malware

https://falcon.us-2.crowdstrike.com/documentation/297/windows-on-demand-scanning-end-user 3/3

You might also like