Running Crowdstrike and DNSFilter

Answered

Joe Klein

• July 05, 2024 17:02

We are looking for a replacement filtering solution and hope DNSFilter will be able to address one of our current issues.  

We use Crowdstrike for Endpoint Detection and Response.  We had an issue today in which Crowdstrike contained the host.  At that point, the host could only connect to Crowdstrike because it was network contained.  

However, the current filter solution could not connect to their SaaS service since Crowdstrike blocked it.  Additionally, the filtering solution blocked Crowdstrike since it failed closed.  

Is there a work around to create an allow list / bypass in DNSFilter that would allow Crowdstrike access regardless of if DNSFilter cloud service is available online?

Thank you.    

0

print

• 

  Bailey Taylor Community Manager DNSFilter Staff

  • July 08, 2024 16:46

  

  While we haven't historically encountered instances where a device remains in the state you've described after containment, the management of dns resolution is configured as follows:

  • The Roaming Client should prioritize using the local resolver if dns1/2 is unreachable before our intervention.
  • Adding the CrowdStrike domain to the local domains list ensures it's never blocked, allowing the Roaming Client to forward requests to the specified resolver even if dns1/2 isn't accessible. This effectively bypasses DNSFilter for that domain.

   

  0

Please sign in to leave a comment.