EDRCheck CrowdStrike Check #2
Description
Hey,
Wanted to let you know that CrowdStrike drivers can sometimes be found in their own directory:
C:\Windows\System32\drivers\CrowdStrike
You might want to add a check for that directory or use the '-Recurse' switch in Get-ChildItem to make sure you are capturing those directories as well (in my instance you need to be in the Administrators group to read what is in that directory so adding '-Recurse' will cause an error for non-admins). Thanks.