July 2025 CrowdStrike Update

We are pleased to present the CrowdStrike update information for June 2025.
All of these items are also posted on our support site, so please check those articles as well.
Registration is required for our support site.
Please click on "CrowdStrike Falcon 'Support Site Viewing Request'" on the following page to request viewing.
https://www.macnica.co.jp/business/security/manufacturers/crowdstrike/support.html
*The maintenance contract number is required for application. The maintenance contract number is listed in the notification sent to you with the subject below.
Subject: [Notice regarding delivery of CrowdStrike notification]
* Responses usually take 1 to 3 business days.
Sensor Release
Falcon Sensor for Windows 7.26.19811 Hotfix Release [Released July 22, 2025]
- Main New Features
- This hotfix release does not include any new features.
- Main fixes
- In Citrix environments, fixed an issue where unloading the Windows user registry hive failed when adding or removing a user profile using Profile Manager. This issue only occurred on sensor version 7.26.19809.
- Fixed a rare issue where the CsFalconService could hang while attempting to exit, causing the machine to require a long reboot or hard reset. This issue existed in sensors from 7.23 to 7.26.19809.
- Please see our support site article for more information.
Falcon Sensor for Windows 7.27.19907 Release Announcement [Released July 24, 2025]
- Main New Features
- The sensor behavioral machine learning model (IOA-based ML) has been updated to collect behavioral data without generating detections, improving the machine learning's ability to analyze process behaviors, indicators, and patterns to identify threats.
- Main changes
- Fixed an issue where the installer was installing the same version multiple times.
- To address an issue where error code 3 could occur when upgrading Windows sensors, a fix has been implemented that changes how Windows Restart Manager is configured, improving the reliability of upgrades.
・Detailed article: https://support.mnc.macnica.co.jp/hc/ja/articles/48631138993817
- Falcon Data Protection fixed an issue where the text analyzer was removing white space from documents, causing inconsistent content classification.
- We fixed an issue where DC information was not being sent correctly to the cloud, causing domain controllers to appear as unmonitored.
- Fixed an issue where jobs launched using PowerShell in Falcon for IT would not terminate upon timeout.
- Fixed an issue where Falcon Prevent lost security descriptors and file attributes when multiple malicious macros were detected in a quarantined Microsoft Office document.
- Please see our support site article for more information.
Falcon Sensor for Mac 7.26.19707 Release Announcement [Released July 8, 2025]
- Main New Features
- A new Sensor Safe Mode feature has been introduced.
・Detailed article: https://support.mnc.macnica.co.jp/hc/ja/articles/48036383251481
- Added support for Falcon Data Protection for Mac. This visibility-only feature monitors sensitive data exfiltration via web uploads, clipboard, and removable media. It also includes machine learning (ML)-based anomaly detection and similar source tracking.
- Main changes
- Fixed an issue where the installation complete popup screen was not displayed during manual installation on macOS Sequoia. This issue occurred in sensor versions 7.23 to 7.25.
- Fixed an issue where the status indicator would temporarily show an incorrect state when requesting approval for a sensor system extension. This issue existed for all previous supported sensors.
- A fix was first made in 7.22 for an issue where certain special character devices, such as TTY devices, were being evaluated unnecessarily; this change adds improved checks to make that fix more robust.
- Please see our support site article for more information.
Falcon Sensor for Mac 7.27.19806 Release Announcement [Released July 25, 2025]
- Main New Features
- Falcon Device Control now provides visibility and control over internal SD card readers and external Thunderbolt storage devices.
- Existing on-sensor machine learning models have been enhanced to reduce known false positives.
- Main changes
- Fixed an issue where IP4Records, IP6Records, CNAMERecords, and RespondingDnsServer fields were being handled incorrectly in DnsRequestMac events.
- Fixed an issue where the "agent_local_time" API response on Mac hosts returned an incorrect timestamp.
- Fixed an issue where Falcon Firewall was unable to access SSID information on macOS Sonoma 14 and later.
- Improved script analysis on macOS Sonoma 14 and later, resulting in fewer false positives and duplicate event data being reported.
- Please see our support site article for more information.
Falcon Sensor for Linux 7.27.18003 Release [Released July 17, 2025]
- Main New Features
- Added Falcon Firewall support for Linux platforms.
- Added support for Falcon Data Protection for cloud environments.
- DaemonSet containers now use Red Hat Universal Base Image (UBI) 9.6-1749632992 Micro.
- It is now possible to monitor systemd service creation and deletion events when the sensor is started, enhancing management of service activity. New events have been added: SystemdServiceCreated, SystemdServiceDeleted, and SyntheticSystemdServiceCreated.
- Improved visibility into process environment variables at sensor startup, enhancing detection of existing backdoors and targeted attacks.
- Added the ability to discover internet exposure of assets behind Layer 7 load balancers. Added InboundHttpHeader and InboundHttpParsingStatus events.
- Main changes
- Fixed an issue where container instance lifecycle events were not being sent to the CrowdStrike cloud for K3s version v1.30.11+k3s1 and later.
- Fixed a file descriptor exhaustion issue, improving sensor reliability.
・Detailed article: https://support.mnc.macnica.co.jp/hc/ja/articles/48923257336729
- Resolved an issue where Falcon for IT was mounting directories as read-only at the root level to expand file searches.
- Kernel Support
- Support has been added for new kernels, including previously unsupported versions of Amazon Linux, Debian, Oracle Linux, Red Hat Enterprise Linux, and Ubuntu.
- Please see our support site article for more information.
Falcon Sensor for Linux 7.21.17406 Maintenance Release [Released July 24, 2025]
- Main New Features
- Falcon Sensor's SSL/TLS certificate support has been updated in preparation for the SSL/TLS certificate rotation in March 2026. Customers whose sensor policies are fixed to Falcon Sensor for Linux version 7.21.17405 should upgrade to 7.21.17406 in preparation for the SSL certificate rotation.
- Main changes
- This release does not contain any fixes.
- Please see our support site article for more information.
Release Announcement
Regular updates to the Admin Console
- CrowdStrike Falcon Console Regular Updates [As of the week of July 7, 2025]
- New Features
- Fixed an issue where newly provisioned sensors would generate false notifications under certain circumstances.
- A new endpoint version /fem/queries/external-assets/v2 has been added to request external IDs.
- You can now quickly see which networks a scanner is assigned to within the Exposure Management settings.
- For more information, please see our support site article.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/48872961783705
- CrowdStrike Falcon Console Regular Updates [As of the week of July 14, 2025]
- New Features
- A new Response Policy Audit Log feature has been added that allows you to view the history of changes made to Real Time Response (RTR) policies.
- In the Host Management and Devices API, the "Last Logged-In User Account" attribute is now updated immediately when a user logs in.
・For more information, please see the article on our support site.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/48990914661401
- CrowdStrike Falcon Console Regular Updates [As of the week of July 21, 2025]
- New Features
- Falcon Exposure Management now enables you to check the configuration of your Windows and Windows Server assets against the latest CIS benchmarks.
- CrowdStrike Intelligence indicators of compromise (IOCs) for detections generated by third-party integrations and correlation rules are now available via the Falcon Console and /alerts API.
- Falcon Discover for IoT now allows you to add and manage tags when editing the attributes of ICS hosts and import hosts integrated with ICSC, making it easier to organize and search for hosts.
- XIoT now allows you to schedule cross-subnet collections in addition to local collections.
- Network Vulnerability Scan users can now monitor their license count in Exposure Management > Assets > Dashboards.
- Added the ability to quickly see which network a scanner is assigned to within Exposure Management settings.
- For more information, please see our support site article.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/49373773236761
Other Updates
- New Sensor update policies screen released
- The Sensor Update Policy page has been redesigned to have a similar look and feel to the rest of CrowdStrike Falcon Console.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/49129016426265
- Linux cloud-based ELF machine learning model update announcement [July 2025]
- Updated our Linux cloud-based machine learning (ML) models to address new and evolving threats.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/49154605110297
- Fusion SOAR | Workflows with custom event queries can now be imported and used in other CIDs
- Fusion SOAR now supports creating actions that use workflow-specific custom event queries, and allows workflows containing these actions to be imported into other CIDs.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/49268376237977
- Improved advanced data transformation and variable manipulation in Fusion SOAR
- The ability to use functions to transform data within conditions has been expanded to write more expressive conditions.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/49298110932633
Module-specific updates
- Falcon Identity Protection
- Falcon Identity Protection 5.94.76706 Release [Released July 2, 2025]
- Key New Features: New actions have been added to Falcon Fusion SOAR to allow adding and removing accounts from Active Directory groups, enabling automated responses through dynamic changes in group membership.
- Major fixes: Fixed an issue where the "Last Login" timestamp for local administrators would load infinitely in the About tab of the Entity page, and an issue where DCs would not be set to monitoring state.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/48705294297625
- Falcon Identity Protection 5.95.77626 Release [Released July 17, 2025]
- Major new features: Added logic for Suspicious LDAP Search detection for user searches that do not require Kerberos pre-authentication, and improved logic for Pass the Hash detection for Impacket.
- Major fix: Fixed an issue where the name displayed for hybrid AWS accounts was not the primary account name.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/49095828616473
- Falcon Identity Protection 5.96.78084 Release [Released July 28, 2025]
- Key new features: Severity of Suspicious web based activity and Access from IP with bad reputation detections updated to high, HaveIBeenPwned dictionary updated to include the latest breach information, and classification changes added to the entity timeline.
- Major fixes: Fixed an issue where multiple password policies with the same priority were applied and a false positive for Azure/AWS accounts for hybrid users.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/49544797631001
- Falcon Next-Gen SIEM
- Falcon Next-Gen SIEM: Recently Released Features, Fixes, and Known Issues [July 2025 Update]
- Improved event aggregation and retrieval capabilities, new data connectors and rule templates, a dedicated connector for LogScale Collector, Inbound Webhook Triggers for real-time workflow triggering, and scheduling support for Cross Subnet Collection.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/49260992445849
- Falcon Cloud Security
- Falcon Cloud Security | Enhanced access controls and updated cloud group capabilities
- New attributes have been added to improve Cloud group filtering.
- Resource selection now allows you to select cloud resources and images.
- Cloud group filters have been added to some pages.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/48763086945817
- Falcon Cloud Security | Cloud security posture rules page update
- Updates to the Cloud security posture rules page streamline management of IOM rules.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/48951088859673
- Falcon Cloud Security | Assets Explorer page update
- The Assets Explorer dashboard replaces the Cloud asset inventory page, streamlining asset visualization and helping you quickly find important information.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/49307791258009
- Falcon Exposure Management
- Release of manual vulnerability and assessment updates
- You can now manually reassess a host's vulnerabilities or assessment results.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/48346656542105
- Asset Management adds new generative AI application category
- Discover AI-powered Windows and Mac apps in the new Applications category.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/48784691639961
- Announcing new Exposure Management policies and Internet Exposure detection settings for Linux hosts
- Internet exposure assessment is now available for Linux hosts operating behind connecting end devices and Layer 7 load balancers.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/48951257055129
- Announcement of new vulnerability detection feature for Google Container-Optimized OS
- Vulnerabilities can now be detected in Google Container-Optimized OS (COS).
・ https://support.mnc.macnica.co.jp/hc/ja/articles/48989495238553
- Expanded CIS benchmark check functionality for Microsoft Intune for Windows [July 17, 2025]
- You can now use the Falcon Exposure Management configuration assessment tool to check your Microsoft Intune assets for Windows 10 and Windows 11 for misconfigurations against the new CIS benchmarks.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/49089153203225
- Exposure Management Configuration Assessment now supports customizable Active Directory group and user names
- You can now edit Active Directory (AD) user and group names in configuration assessment rules to meet the specific requirements and assessments of your environment.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/49130120844953
- About deleting unmanaged and unsupported assets in Asset Management
- You can now clean up your asset inventory by deleting unmanaged or unsupported assets from CrowdStrike Falcon Console.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/49259350928793
- Falcon Complete
- Updated date range for Falcon Complete dashboard
- New date range options are now available for response time and resolution time metrics on Falcon Complete custom dashboards.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/49131341211033
- Falcon Data Protection
- Introducing the ability to monitor egress events on Mac hosts using Falcon Data Protection
- Falcon Data Protection is now available for Mac hosts.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/48784428956569
- Falcon Device Control
- Update for Device Control Tampering Prevention for Windows
- Added the ability to exclude hosts in customer environments that do not have a Device Control subscription from detecting tampering with critical Device Control registry objects on Windows hosts.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/48564741860121
- Flight Control Support in Device Control Policy
- Device Control Policies now support Flight Control, allowing parent tenants to manage child tenant Device Control Policies.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/48942619284889
- Falcon Firewall Management
- Falcon Firewall Management now supports Linux sensors in User Mode
- Firewalls on Linux hosts can now be managed centrally from CrowdStrike Falcon Console using Falcon Firewall Management.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/49131608652313
- Falcon for IT
- Announcing API support for Falcon for IT
- You can now use the Falcon for IT API to create, manage, and collect data about tasks, task groups, and policies, as well as run and schedule tasks.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/49091761219737
- Falcon Intelligence
- Counter Adversary Operations Console Menu Update
- The CrowdStrike Falcon Console menu has been reorganized to make it easier to find important tasks and content.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/49088507062809
- New Counter Adversary Operations screen now available
- The Counter Adversary Operations screen has been redesigned to provide a clearer understanding of threats and the ability to investigate and respond more quickly.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/49108195282969
- Falcon Mobile
- AppSideloadDetect detection improvements
- "AppSideloadDetect" currently uses installerPackageName to determine whether an app is sideloaded. However, by changing it to use initiatingPackageName, which is available in Android 11 and later, we expect the detection capability to improve.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/48746399482009
Notes and Restrictions
- [IMPORTANT] Active exploits targeting on-premise SharePoint servers (CVE-2025-53770 / CVE-2025-53771)
- CrowdStrike has identified exploitation of CVE-2025-53770 (ToolShell) in Microsoft SharePoint.
- Falcon already protects against this exploit, which is primarily used to upload malicious ASPX (.aspx) files (most commonly by attempting to access IIS MachineKeys).
・ https://support.mnc.macnica.co.jp/hc/ja/articles/49120503760281
- Falcon Shield API migration to the Falcon Platform
- The legacy Falcon Shield API endpoints are scheduled to be deprecated on January 11, 2026.
- Creation of new API keys for legacy API endpoints will no longer be possible on the Falcon Shield portal.
- API keys already created for the legacy API endpoints will continue to work until January 11, 2026.
- This change only affects US-1, US-2, and EU-1 customers.
- Legacy Adaptive Shield US and EU cloud customers are not impacted
・ https://support.mnc.macnica.co.jp/hc/ja/articles/48668344194201
- Falcon EASM | Changes to DMARC configuration detection logic (after June 30, 2025)
- Falcon Surface evaluates DMARC settings by making DNS requests to customer domains and checking TXT records, but accurate evaluation is difficult if the protected domain is not registered. With this change, customers can upload the domain information for which they want to evaluate DMARC settings to the Falcon Surface UI, minimizing DNS requests and enabling more accurate evaluation.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/47490408134553
- 180-Day Notice | Changes to MITRE ATT&CK Data in Alerts API, Detection Summary Events, Workflows, and Unified Detections [Scheduled for Deprecation on January 20, 2026]
- To accommodate multiple MITRE ATT&CK tactics and techniques per alert, we've introduced a new mitre_attack array to the Alert API. As a result, the separate tactics and techniques fields will be deprecated by January 20, 2026, and API users are encouraged to update their code.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/49306717772185
- End of support for macOS Ventura Version 13
- Support for macOS Ventura Version 13 will end on December 31, 2025.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/48774824918553
- Falcon Firewall SSID Network Location Settings and User Permission Requirements on macOS Sonoma 14 and Later
- On macOS Sonoma 14 and later, when Falcon Firewall accesses SSID information, the user must approve the location permission popup. Since it is not MDM-managed, firewall rules based on network location will not be applied without this permission.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/49093011804697
- Falcon Sensor for Linux | Coming soon, Falcon Sensor for Linux will no longer have Kernel Mode options when User Mode is compatible
- In the Falcon Sensor for Linux release currently scheduled for October 2025, the option to force the Linux sensor to run in Kernel Mode when the host distribution and kernel support User Mode execution will be removed. More details will be announced in the release notes for the upcoming sensor release.
・ https://support.mnc.macnica.co.jp/hc/ja/articles/49260720814361
Maintenance and fault information
- Please check our support site as necessary for maintenance and failure information.
Inquiry/Document request
In charge of Macnica CrowdStrike Co., Ltd.
- TEL:045-476-2010
- E-mail:crowdstrike_info@macnica.co.jp
Weekdays: 9:00-17:00