Swif's agent software may occasionally trigger false-positive detections in CrowdStrike Falcon because of its security-related functionality. To prevent these disruptions, configure exclusions in your CrowdStrike Falcon platform.
Steps to Add an Exclusion for Swif in CrowdStrike
Step 1: Log into CrowdStrike Falcon Console
Access your CrowdStrike Falcon Console.
Step 2: Navigate to the Exclusion Settings
From the left-hand navigation menu, select Configuration.
Click File Exclusions or IOA Exclusions, depending on the exclusion type you need.
Step 3: Create a New Exclusion
Click Create Exclusion.
Step 4: Configure Exclusion Parameters
Fill in the exclusion details with Swif's recommended settings:
Exclusion type: Choose File or Folder (typically "File").
Platform: Select Windows, macOS, or Linux, based on your environment.
Exclusion Pattern:
Add the following Swif-specific file paths or processes as recommended:
Windows
C:\Program Files\Swifteam\swifteam.exe
C:\Program Files\Swifteam\gorilla.exe
C:\ProgramData\Swifteam\swifteam.exe
C:\ProgramData\Swifteam\gorilla.exe
C:\ProgramData\gorilla
C:\Users\{{USER}}\AppData\Local\gorilla
macOS
/usr/local/swifteam/swifteam
Linux
/usr/bin/swifteam
/usr/bin/systemcheck
Description: Enter descriptive text, e.g., "Swif agent file exclusion to prevent false positives."
Step 5: Apply to Policies
Select the relevant policies to which this exclusion should apply.
Click Save.
Verification
After configuring exclusions:
Deploy or verify Swif agent functionality to ensure no false positives occur.
Check CrowdStrike Falcon console alerts to confirm the exclusions are working effectively.
Recommended Best Practices
Regularly review your exclusion lists to ensure they remain accurate and secure.
Limit exclusions to essential paths to maintain optimal security posture.
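One way to carry out this periodic review on macOS and Linux hosts, as an added example that is not Swif's or CrowdStrike's own tooling: the script checks that each excluded path from the list above exists, is owned by root, and that neither it nor any parent directory is writable by group or others. The function name and the trusted_uid and stop_at parameters are assumptions of this example.

```python
import os
import stat
import sys
from pathlib import Path

# macOS and Linux paths copied from the exclusion list on this page.
SWIF_POSIX_EXCLUSIONS = [
    "/usr/local/swifteam/swifteam",
    "/usr/bin/swifteam",
    "/usr/bin/systemcheck",
]


def audit_exclusion(path, trusted_uid=0, stop_at="/"):
    """Return findings for one excluded path; an empty list means no issue found.

    trusted_uid and stop_at are parameters of this example (assumptions):
    the expected owner and the highest ancestor directory to inspect.
    """
    target = Path(path)
    if not target.exists():
        return [f"{path}: not present on this host, exclusion may be stale"]
    findings = []
    if target.is_symlink():
        findings.append(f"{path}: is a symlink, review what it points to")
    real = target.resolve()
    if real.is_dir():
        findings.append(f"{path}: is a directory, broader than a file exclusion")
    stop = Path(stop_at).resolve()
    # Check the excluded path and every ancestor: a writable parent lets
    # someone other than the trusted owner replace the excluded file.
    for node in [real, *real.parents]:
        st = node.stat()
        if st.st_uid != trusted_uid:
            findings.append(f"{node}: owned by uid {st.st_uid}, expected {trusted_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            findings.append(f"{node}: writable by group or others (mode {mode:o})")
        if node == stop:
            break
    return findings


if __name__ == "__main__":
    results = [f for p in SWIF_POSIX_EXCLUSIONS for f in audit_exclusion(p)]
    print("\n".join(results) or "no findings")
    sys.exit(1 if results else 0)
```

Run it on a host where the agent is installed; a non-zero exit status means at least one path needs attention before the exclusion is kept.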
If further assistance is required, contact Swif support or CrowdStrike support.