
Configuring CrowdStrike Falcon Exclusions for Swif.ai to Prevent False Positives

Updated this week

Swif's agent software may occasionally trigger false-positive detections in CrowdStrike Falcon because of its security-related functionality. To prevent these disruptions, configure exclusions in your CrowdStrike Falcon platform.

Steps to Add an Exclusion for Swif in CrowdStrike

Step 1: Log into CrowdStrike Falcon Console

Step 2: Navigate to the Exclusion Settings

  1. From the left-hand navigation menu, select Configuration.

  2. Click File Exclusions or IOA Exclusions, depending on the exclusion type you need.

Step 3: Create a New Exclusion

  • Click Create Exclusion.

Step 4: Configure Exclusion Parameters

Fill in the exclusion details with Swif's recommended settings:

  • Exclusion type: Choose File or Folder (typically "File").

  • Platform: Select Windows, macOS, or Linux, based on your environment.

  • Exclusion Pattern:

Add the following Swif-specific file paths or processes as recommended:

Windows

C:\Program Files\Swifteam\swifteam.exe
C:\Program Files\Swifteam\gorilla.exe
C:\ProgramData\Swifteam\swifteam.exe
C:\ProgramData\Swifteam\gorilla.exe
C:\ProgramData\gorilla
C:\Users\{{USER}}\AppData\Local\gorilla

macOS

/usr/local/swifteam/swifteam

Linux

/usr/bin/swifteam
/usr/bin/systemcheck

  • Description: Enter descriptive text, e.g., "Swif agent file exclusion to prevent false positives."

Step 5: Apply to Policies

  • Select the relevant policies to which this exclusion should apply.

  • Click Save.

Verification

After configuring exclusions:

  • Deploy the Swif agent, or verify its functionality on an existing installation, to ensure no false positives occur.

  • Check CrowdStrike Falcon console alerts to confirm the exclusions are working effectively.

Recommended Best Practices

  • Regularly review your exclusion lists to ensure they remain accurate and secure.

  • Limit exclusions to essential paths to maintain an optimal security posture.
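
A host-side check to support that review on Linux and macOS, added here as an example (it is not Swif or CrowdStrike code): it flags excluded paths that are missing, are symlinks, or whose file or parent directory is writable by or owned by an account other than root. The function names and the `trusted_uids` parameter are assumptions of this example; the paths are the ones listed above.

```python
import os
import stat

# Linux and macOS exclusion paths listed in this article.
SWIF_POSIX_EXCLUSIONS = [
    "/usr/local/swifteam/swifteam",
    "/usr/bin/swifteam",
    "/usr/bin/systemcheck",
]

def _check(target, trusted_uids):
    """Flag an untrusted owner or group/world write bits on one filesystem object."""
    st = os.stat(target)
    issues = []
    if st.st_uid not in trusted_uids:
        issues.append(f"{target}: owned by uid {st.st_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        issues.append(f"{target}: group/world-writable (mode {stat.S_IMODE(st.st_mode):o})")
    return issues

def audit_exclusion(path, trusted_uids=(0,)):
    """Return findings for one excluded path; an empty list means it passed."""
    if not os.path.lexists(path):
        return [f"{path}: not present, exclusion may be stale"]
    findings = []
    if os.path.islink(path):
        findings.append(f"{path}: symlink to {os.path.realpath(path)}")
        if not os.path.exists(path):
            return findings + [f"{path}: symlink target missing"]
    real = os.path.realpath(path)
    # An exclusion is only as trustworthy as the write permissions on the
    # file and its directory, so check both (hypothetical policy: root only).
    for target in (real, os.path.dirname(real)):
        findings += _check(target, trusted_uids)
    return findings

def audit_all(paths=SWIF_POSIX_EXCLUSIONS, trusted_uids=(0,)):
    """Map each path to its findings, keeping only paths that have any."""
    report = {p: audit_exclusion(p, trusted_uids) for p in paths}
    return {p: f for p, f in report.items() if f}

if __name__ == "__main__":
    for path, findings in audit_all().items():
        for line in findings:
            print(line)
```

Run it on an endpoint that carries the exclusion; no output means every listed path exists and passed the ownership and permission checks.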

If further assistance is required, contact Swif support or CrowdStrike support.
