This is an introduction to the Malwarebytes Remediation for CrowdStrike tool.
Malwarebytes Remediation for CrowdStrike (MRfCS) is a utility that allows an IT professional to scan for and remediate malware on Windows hosts already running the CrowdStrike Falcon antivirus. Combining the capabilities of the CrowdStrike sensor and the Malwarebytes scanning engine, MRfCS is able to scan an entire host for malware, adware, potentially unwanted programs (PUPs), and artifacts that they may leave behind. MRfCS is triggered remotely and runs silently, allowing users to continue their work without being disrupted.
MRfCS uses the CrowdStrike Real Time Response (RTR) functionality to remotely connect to a Windows host. From there it begins a scan for any malicious files, startup items, registry keys, or other artifacts left behind by malware. The scan's intensity and thoroughness are chosen by the IT professional. MRfCS runs silently in the background, without disrupting the user of the computer. Once it has completed, MRfCS reports its findings back to the IT professional, deletes the problem files and artifacts it discovered, and then removes itself from the system. In this way MRfCS maintains a minimal system footprint after scans have concluded.
MRfCS is available to all IT professionals who deploy CrowdStrike Falcon to the hosts they support, regardless of their management model. Please see Endpoint Security, CrowdStrike, What is CrowdStrike? for information on getting started with CrowdStrike Falcon.
Once the CrowdStrike sensor has been installed on a Windows host, some configuration will be required. Please see Endpoint Security, Malwarebytes Remediation for CrowdStrike, Prerequisites for information on the necessary requirements.