>We at MIT CSAIL stoped using crowdstrike partly becuase they refused >to fix this despite us providing a patch to falcon-sensor (whcih is >just a tarred pile of shell scripts). > >The need to excluse /afs from their scans there's several ways to do >this (they use "find" internally). > >We found them unhelpful and very good at talkign to magnagement types >and very bad at anyting actually technical.
For what it's worth ... we ran into this EXACT issue not with crowdstrike, but some other similar product (which I want to say was McAfee something or other, maybe). The situation was even more comical, because, AGAIN, all they had to do was exclude /afs, but ... as it was explained to me, the online portal to submit change requests was broken and we couldn't formally submit the change request. And the online portal was broken for ... years? Like, LITERALLY, it was down for at least a year. There were a lot of management layers between us and the people who could submit the change request, so I don't know how accurate that was. And this was a couple of years ago so maybe the situation has changed. But the general obnoxiousness of the security software vendor seems to be universal, sadly. The upside was, however, that because it ended up crashing our system we could use the legitimate excuse, "We can't run that, it crashes our systems and the support portal doesn't work, see ticket X". So ... the system works, I guess? --Ken _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info