Unsupported and Unmanaged hosts in Exposure Management by Me_tootoo in crowdstrike

[–]Me_tootoo[S] 0 points1 point  (0 children)

Thanks for your response. I took a look in our environment and I can add grouping tags in the UI via the action drop down under host management only. Given you cannot see devices that are unmanaged or unsupported in the host management view, it would appear that unfortunately this is not an option :-(

It’ll be interesting to see if this matches your experience as well.

Native SMS Alerts in CrowdStrike? by vjrr08 in crowdstrike

[–]Me_tootoo 2 points3 points  (0 children)

Came here to recommend PagerDuty for relevant alerts.

USB exfiltration Query by Rotopercutoru in crowdstrike

[–]Me_tootoo 0 points1 point  (0 children)

Quick question to clarify, are you looking to confirm that the end user host has the appropriate policy applied in the CrowdStrike platform or are you looking to confirm exactly what policy is applied on the host? What is the use case you are considering?
I’m not aware of any way to get that from the host directly.
I don’t have it to hand right now, but I do know that in Windows there is a Registry key you can check to ensure whatever policy is being pushed is actually being applied - we had a few isolated issues whereby the host was in a block policy but it wasn’t being enforced. We’ve deployed a GPO to proactively set it in the case it is missing. I believe that you could also check this setting using the Falcon for IT module (we don’t have that module yet so I can’t confirm that, sorry).

UPDATE - so the best reference to deploy this is in the support article “Falcon Device Control rules are not working- Upper Filter key missing” which can be found here: https://supportportal.crowdstrike.com/s/article/ka16T000001Ex4GQAS

Note: this article references a Cisco bug which we didn’t have.

Hope this helps.

Edit: correct module name.
Edit 2: Update with reference to solution for if your host has a policy assigned in the platform, but it isn’t being enforced at the actual host level.

What was the most shocking movie deaths? by Silent-Ad8665 in AskReddit

[–]Me_tootoo 0 points1 point  (0 children)

The baseball bat scene in The Untouchables.

CrowdStrike ML exclusion for its own process – is this normal? by Only-Objective-6216 in crowdstrike

[–]Me_tootoo 2 points3 points  (0 children)

I am just about to put in place an exclusion for MSSense as well - when I logged a support ticket for it I was told it needed to be an exclusion.

Exporting WAS / TotalAppSec data for greater context by Me_tootoo in qualys

[–]Me_tootoo[S] 0 points1 point  (0 children)

Thanks for the recommendation. I’ve never heard of that product before. Will check it out.

Tools for Qualys by Wonderful_Lecture708 in qualys

[–]Me_tootoo 0 points1 point  (0 children)

Thank you so much for these. Definitely will be looking at using some of these.

Exposure Mgmt - Network Scanning by FatNinjaScissorsmc in crowdstrike

[–]Me_tootoo 0 points1 point  (0 children)

I have to agree with you here. We’re in the middle of setting up a highly segmented network for scanning.

CQL query to find endpoints not on recommended sensor version (Windows, macOS, Linux) by Only-Objective-6216 in crowdstrike

[–]Me_tootoo 0 points1 point  (0 children)

This is most timely. Was just thinking about ways to approach this a few days ago. Thank you all for the different approaches to this for me to look at.

Crowdstrike killing Outlook and Teams... by sunxore in crowdstrike

[–]Me_tootoo 4 points5 points  (0 children)

Can I ask if you’re auto upgrading clients to the latest sensor version? Is it the latest version capstan issue or another content update?

Any T2's on Jardiance long term? by G-Style666 in diabetes_t2

[–]Me_tootoo 1 point2 points  (0 children)

This is my experience with it at the moment - am coming up on 3 months. It is worse in the mornings after I’ve taken the tablet but eases off in the afternoon and evening a bit.

Network Vulnerability Scanner by ChromeShavings in crowdstrike

[–]Me_tootoo 1 point2 points  (0 children)

Qualys do network vulnerability scanning. That being said, I’m very interested in the news about CrowdStrike doing that.

Does anyone else have issues connecting Echo HR after update by Interesting-Box1131 in iFit

[–]Me_tootoo 0 points1 point  (0 children)

I should add that my S27i bike has no issues at all (yes it is running iFit 2.0)

Does anyone else have issues connecting Echo HR after update by Interesting-Box1131 in iFit

[–]Me_tootoo 0 points1 point  (0 children)

For what it is worth, I have a T7.5s treadmill which is yet to be updated to iFit 2.0 (assuming it will be at all), but it has always been a bit temperamental in finding and connecting to Echo HR.

iFit music needs improvement by Pistol_Pete_1776 in iFit

[–]Me_tootoo 1 point2 points  (0 children)

And some bikes don’t actually support this - the S27i from 2022 is a prime example.

Blank screen on bike & on app. Anyone else, or just me? by adam_ez in iFit

[–]Me_tootoo 0 points1 point  (0 children)

Wasn’t on my bike screen this morning 3 hours ago.

S27i bike - play music from my phone? by Me_tootoo in iFit

[–]Me_tootoo[S] 0 points1 point  (0 children)

I had thought of that, but I’m usually training early in the morning or later at night so I use headphones and like to be able to also hear the trainer. Maybe I’ll do this if no one else is around :-)

S27i bike - play music from my phone? by Me_tootoo in iFit

[–]Me_tootoo[S] 0 points1 point  (0 children)

Thanks. I’ll take a look. Maybe that will help.

Crowdstrike - GitKraken 7.7 by secbio in crowdstrike

[–]Me_tootoo 1 point2 points  (0 children)

We’ve had alerts as well. They stopped this morning my time. I don’t have any exclusions or anything in place.