Frequently Asked Questions
Maintenance Tokens
I want to remove CrowdStrike from my endpoint but I'm being asked for a maintenance token. How do I uninstall?
ActZero prevents uninstallation of CrowdStrike sensors without a token in order to protect against sensor take out attacks or simple user errors. However, situations arise and a maintenance token is required for some endpoints. In order to help you with these situations, ActZero can provide a unique maintenance token per endpoint hostname. This would allow ActZero to help you without compromising your protection.
If you need to perform a bulk uninstallation or prefer no uninstallation protection, there are 2 more options with the acknowledgement of accepted risk on your side.
-
Disable uninstall token by groups. Provide a list of hostnames and uninstallation tokens will be removed for these hosts.
-
Disable uninstall token for all hosts.
To clarify, both of these options are discouraged as malicious actors could remove the CrowdStrike Sensor and ActZero's ability to monitor your environment. You acknowledge the risk by choosing either of these options.
ActZero strongly recommends and enables the uninstallation protection policy by default.
If you would like to enable either of the bulk uninstallation options please contact your TAM and make a formal request.