How to resolve HIP Match issue on OS device for Crowdstrike Falcon
6954
Created On 08/13/21 19:22 PM - Last Modified 08/07/24 19:56 PM
Objective
How to resolve HIP Match issue on OS device for Crowdstrike Falcon
Environment
- PAN-OS
- GlobalProtect
- OS devices (Windows, macOS, Linux, etc)
- HIP object for Crowdstrike Falcon
Procedure
Cause
- When the firewall has a HIP object for Crowdstrike Falcon , Any OS devices wont match to this hip object , however the Mac and Windows device can match properly.
- The issue is OS device hip object showed the Crowdstrike Falcon and the hip object on firewall configure CrowdStrike Falcon and this is causing the HIP match wont hit on firewall properly.
- This is the wrong firewall config : ( Objects > GlobalProtect > HIP objects > Anti-Malware > CrowdStrike, Inc. > Product )
- This is the OS device hip match : ( Monitor > HIP Match )
To FIX
- Navigate to Objects > Hip objects > Anti-Malware > CrowdStrike, Inc. > Product > Crowdstrike Falcon
- Change ONLY "product name and used the lower case "Crowdstrike Falcon" and use the lowercase "s"
- Click OK
- Commit