Has anyone experienced the Rapid7 agent installation attempting to uninstall or modify the services of other security tools present on the system, such as CrowdStrike?
An installation script was deployed via Ansible and my SOC team got a lot of alerts about a Rapid7 agent trying to disable CrowdStrike. Is this normal? What am I doing wrong?
Thanks @brandon_mcclure for your response. Could it be that the installer is corrupted (it was downloaded straight from the IVM platform), or might it be the script?
I haven’t seen that happen. I have seen CrowdStrike be quick to alert on application updates when they perform cleanup, so maybe the alert was misinterpreted and the agent was either:
- Installing for the first time and performing cleanup of temp files
- Updating the agent and performing cleanup of temp files or removing old files
Those are both guesses though.
Thanks @Ralph!
It’s really hard to tell what might have triggered those CrowdStrike alerts. I haven’t seen the alerts again after modifying the script.