CrowdStrike Endpoint Detection and Response Software

Last updated: July 28, 2025
Audience: Staff, Researchers, IT Staff / Technical

UW-IT is currently rolling out CrowdStrike Falcon endpoint detection and response software for UW-owned devices. All UW departments can request this software at no cost.

Request a CrowdStrike Falcon instance

About CrowdStrike Falcon

CrowdStrike Falcon provides robust antivirus and endpoint protection for UW laptops, desktops, and servers. It defends against sophisticated cyber threats using a lightweight agent and cloud-based technology.

The platform supports Windows, Mac and Linux, and works across major cloud services like Azure, Amazon Web Services, and Google Cloud. Falcon’s centralized dashboard enables UW security teams to monitor and manage risks in real time.

Learn about uninstalling Sophos Central and deploying CrowdStrike Falcon on our CrowdStrike Falcon for IT Admins page.

Why Endpoint Detection Matters

Endpoints, like laptops, smartphones, and servers, are frequent targets for cyberattacks. Industry estimates show that about 70% of successful cyberattacks begin at the endpoint. At UW, tens of thousands of these devices connect to the network daily, including from remote and global locations, making strong endpoint defense critical. CrowdStrike Falcon goes beyond traditional antivirus. It uses AI and machine learning to detect and respond to threats as they emerge, offering proactive, coordinated protection across all UW environments.

Important notice for IT administrators

After CrowdStrike Falcon is installed, your incident response process may shift. If a user reports connectivity issues, first determine whether the device has been contained by CrowdStrike.

Recommended Steps:

  • Make sure users know how to contact you
  • When a device loses connectivity, check if CrowdStrike Falcon containment is the cause
  • Look for critical escalation or OverWatch alerts in your email
  • If you use UW Connect, search the device name under the “IS EDR Incident” assignment group
  • If containment is confirmed, call the UW-IT Service Desk at 206-221-5000 and request escalation for CrowdStrike containment

Frequently Asked Questions

UW’s contract with Sophos ends in August 2025. Departments currently using Sophos Central should transition to CrowdStrike Falcon as soon as possible. See instructions on removing Sophos Central (Admin KB).

The free Sophos Home service, which allowed individuals to install Sophos Home on up to 10 UW-owned or personal devices, will also end on August 30, 2025. Review the instructions on how to remove the app from your personal (non-UW-owned) devices (user KB).

IT admins will have similar fleet visibility and functionality in the Falcon console.

Endpoints are network-connected devices like laptops, mobile devices, tablets, Internet of Things (IoT) devices, gaming consoles and printers, among many others. The term doesn’t include things like routers, switches and wireless access points.

CrowdStrike Falcon doesn’t access personal files, monitor online activity, or inspect content. It only acts when a threat is present.

Each device group will have a designated contact who will be alerted if Falcon takes action. Departments are responsible for keeping these contacts up to date.

If malware is removed and systems are operating normally, no action is needed unless UW-IT follows up. If Falcon quarantines a critical host, contact the UW-IT Service Desk at 206-221-5000 for immediate escalation.

Need help?

Email help@uw.edu with “CrowdStrike Falcon” in the subject line.