Skip to main content
CrowdStrikebeginner

Check CrowdStrike Falcon Sensor Status: Verify Sensor Running (Windows/Mac/Linux)

Verify CrowdStrike Falcon sensor is running with step-by-step commands for Windows (sc query csagent), Mac (falconctl stats), and Linux (systemctl status falcon-sensor). Check sensor version, service status, and troubleshoot connectivity issues.

5 min readUpdated January 2026

Ensuring the CrowdStrike Falcon Sensor is running properly on your endpoints is essential for maintaining security. This guide provides simple verification steps for Windows, macOS, and Linux to confirm that the sensor is installed, active, and communicating with the CrowdStrike Falcon Console.

CrowdStrike Falcon Command Builder

Generate CrowdStrike Falcon sensor commands for Windows, macOS, and Linux: install with CID and provisioning tokens, uninstall with a maintenance token, verify the sensor is running, configure proxies, and set grouping tags.

Open the full CrowdStrike Falcon Command Builder
Loading interactive tool...

Want us to handle this for you?

Get expert help →

Checking the Falcon Sensor on Windows

Method 1: Verify via Command Prompt

  1. Open Command Prompt by pressing Win + R, typing cmd, and pressing Enter.
  2. Type sc query csagent and press Enter.
  3. If the STATE shows RUNNING, the Falcon Sensor is active. If it is STOPPED, start it by typing net start csagent and pressing Enter.

Method 2: Verify via Control Panel

  1. Open Control Panel and go to Programs and Features.
  2. Look for CrowdStrike Falcon Sensor in the installed programs list.
  3. If it is listed, the sensor is installed.

Method 3: Check Connection to the Falcon Console

  1. Log into the CrowdStrike Falcon Console at: https://falcon.crowdstrike.com or https://falcon.us-2.crowdstrike.com/ (Varies by tenant).
  2. Click Hosts > Host Management.
  3. Search for the computer name.
  4. If the device appears and shows as Connected, the sensor is functioning properly.

Checking the Falcon Sensor on macOS

Method 1: Verify via Terminal

  1. Open Terminal (Command + Space, type “Terminal”, and press Enter).
  2. Type sudo /Applications/Falcon.app/Contents/Resources/falconctl stats and press Enter.
  3. Look for the message “Sensor operational: true”.
  4. If the sensor is not running, restart it by typing sudo launchctl load /Library/LaunchDaemons/com.crowdstrike.falcon.Agent.plist and pressing Enter.

Method 2: Check Falcon Sensor in System Preferences

  1. Open System Settings (or System Preferences on older macOS versions).
  2. Go to Privacy & Security > Full Disk Access.
  3. Ensure CrowdStrike Falcon Sensor has the required permissions.

Method 3: Check Connection to the Falcon Console

  1. Log into the Falcon Console at https://falcon.crowdstrike.com.
  2. Click Hosts > Host Management.
  3. Search for your Mac’s hostname or serial number.
  4. If the device appears as Connected, the Falcon Sensor is working.

Checking the Falcon Sensor on Linux

Method 1: Verify the Sensor Service

  1. Open Terminal.
  2. Type sudo systemctl status falcon-sensor and press Enter.
  3. If the output shows Active (running), the sensor is operational.
  4. If the sensor is not running, start it by typing sudo systemctl start falcon-sensor and pressing Enter.

Method 2: Check Sensor Version and Status

  1. Open Terminal.
  2. Type sudo falconctl stats and press Enter.
  3. Look for the message “Sensor operational: true”.

Method 3: Verify Connection to Falcon Console

  1. Log into the Falcon Console at https://falcon.crowdstrike.com.
  2. Click Hosts > Host Management.
  3. Search for the hostname or IP address of your Linux machine.
  4. If the device appears as Connected, the Falcon Sensor is working properly.
Free Download

The CrowdStrike Falcon Admin Cheat Sheet

Quick-reference commands, pre-built exclusion templates for SQL Server, SCCM, Exchange, and Domain Controllers, plus sensor health check scripts.

CrowdStrike Falcon Cheat SheetCommands, exclusion templates, and health scripts

No spam. Unsubscribe anytime.

Troubleshooting Sensor Issues

1. Sensor is Installed but Not Running

  • Restart the system and run the verification steps again.
  • Check Windows Services, macOS System Extensions, or Linux systemctl logs to ensure the service is not blocked.

2. Sensor Not Reporting to the Falcon Console

  • Ensure the endpoint has an active internet connection.
  • Test connectivity to your CrowdStrike cloud region:
Cloud RegionPing Test Command
US-1ping ts01-b.cloudsink.net
US-2ping ts01-gyr-maverick.cloudsink.net
EU-1ping ts01-lanner-lion.cloudsink.net
US-GOV-1ping ts01-laggar-gcw.cloudsink.net
  • If the ping fails, check firewall or proxy settings.
  • Verify your cloud region by logging into the Falcon Console and checking the URL domain (falcon.crowdstrike.com = US-1, falcon.us-2.crowdstrike.com = US-2, etc.).

3. Service Fails to Start

  • On Windows, type net start csagent in Command Prompt.
  • On macOS, type sudo launchctl load /Library/LaunchDaemons/com.crowdstrike.falcon.Agent.plist in Terminal.
  • On Linux, type sudo systemctl restart falcon-sensor in Terminal.

Frequently Asked Questions

Find answers to common questions

To verify that the Falcon Sensor is actively reporting, log into the CrowdStrike Falcon Console at https://falcon.crowdstrike.com. Navigate to Hosts > Host Management and search for the hostname or IP address of your endpoint. If the device appears as 'Connected', the sensor is functioning correctly. If not, check your internet connection by pinging ts01-b.cloudsink.net. If the ping fails, investigate your firewall or proxy settings, as they may be blocking communication.

If the Falcon Sensor is installed but not running, open Command Prompt and enter 'sc query csagent' to check its status. If the STATE shows 'STOPPED', restart the service by typing 'net start csagent'. If it continues to fail, review Windows Services for any restrictions or conflicts. Additionally, ensure that your system has the necessary permissions and policies configured to allow the Falcon Sensor to operate without interference.

If the Falcon Sensor on macOS is unresponsive, first check system permissions by navigating to System Settings > Privacy & Security > Full Disk Access and confirm that CrowdStrike Falcon has access. If permissions are correct, open Terminal and run 'sudo /Applications/Falcon.app/Contents/Resources/falconctl stats' to check operational status. If it shows 'Sensor operational: false', restart the service with 'sudo launchctl load /Library/LaunchDaemons/com.crowdstrike.falcon.Agent.plist'. If issues persist, reboot the device and verify the configurations.

Need help shipping something?

Productized MVP development for founders. 9 SaaS apps shipped — yours could be next, in 6 weeks.

Learn About Secure MVPExplore Custom Software Development

Related Articles

CrowdStrike Falcon RBAC Guide: User Roles, Permissions & Least Privilege Access

Complete guide to CrowdStrike Falcon RBAC and user permissions. Configure least privilege access, create SOC analyst roles, manage admin permissions, and troubleshoot access issues.

Read More →

CrowdStrike Exchange Exclusions | Configure Falcon for Exchange Server

Configure CrowdStrike exclusions for Exchange Server. Protect database files, logs, and processes to ensure mail flow.

Read More →

Deploy CrowdStrike Falcon via GPO | Active Directory Guide

Step-by-step guide to deploy CrowdStrike Falcon sensors using Group Policy. Silent installation, startup scripts, troubleshooting tips for AD environments.

Read More →

Related Tools

Free tools to help you implement what you learned

EDR Needs Assessment

Evaluate your endpoint detection and response requirements

Try it free →

MITRE ATT&CK Explorer

Map threats to the MITRE ATT&CK framework

Try it free →

Incident Response Playbook

Generate customized IR playbooks for your organization

Try it free →
Back to CrowdStrike