On-Demand Scans
• Right-click on the file in question
• Click CrowdStrike Falcon malware scan > scan (on Windows 11 you’ll need to click more options first, yay bad UI decisions)
• To view the results, login to the CrowdStrike Console
• Endpoint Security > Monitor > On-Demand Scans
• Click the submission > See Full Details
• The Full Details page will display all information pertaining to the scan: duration, files, file paths (if scanning a folder), and whether any files were quarantined and why.
Sandbox Analysis (You get 100 file submissions per month, they refill on the 1st of each month)
• Login to the CrowdStrike Console
• Counter Adversary Operations > Malware Analysis > Sandbox
• Click +Submit for analysis
• Choose the appropriate radio option
• Upload the file, archive, or URL
• Select live interaction if you want to be able to mess with the file / URL in a sandbox environment *You are limited to 5 minutes to interact with the sample. This is a CS-enforced limit that cannot be altered.
• Choose the detonation environment
• Browser selection is only available when URL is selected
• Choose Customize your detonation settings if there is reason to believe that a normal sandbox analysis won’t trigger the malware. Here is a link to a CS article that explains the options in greater detail https://falcon.us-2.crowdstrike.com/documentation/page/a41b307c/falcon-intelligence#mfa2d8d5
• Select email me if you want to be notified when the analysis is complete *Analysis takes anywhere from 5 to 20 minutes to complete based on scan type & file size.
• Click submit