# EDR setup: CrowdStrike

Once the EDR is set up on a workstation or server, monitoring starts automatically and the level of protection increases gradually. No action is required on your part unless otherwise requested.

### Deployment phases

The EDR ramps up in three successive phases over approximately one month, under the supervision of Stoïk's cybersecurity engineers.

#### Phase 1 - Detection (observation mode)

* The EDR works like an intelligent antivirus without disrupting activity.
* It monitors system activity (files, processes, connections, etc.) and collects all relevant logs.
* It only blocks critical threats (ransomware, major malware).

{% hint style="info" %}
For workstations only, Phase 1 is skipped and endpoints are set up directly at Phase 2.
{% endhint %}

#### Phase 2 - Enhanced prevention

* The first preventive actions are put in place and certain suspicious activities begin to be blocked automatically.
* Exclusion rules are added if needed to ensure compatibility with your business software.
* The quarantine engine is activated, which may cause conflicts with existing antivirus software.
* For customers with Windows Defender, this module is automatically disabled.

{% hint style="info" %}
CrowdStrike's Falcon Sensor may not appear in some fleet management tools such as Windows Security before Phase 2 is activated.
{% endhint %}

#### Phase 3 - Optimal protection

* The EDR blocks all malicious activity in real time. The security level is at its maximum and the IT system is proactively protected.
* The gradual ramp-up phases apply to the EDR module only. Other modules are automatically at maximum detection capacity from the start.

{% hint style="info" %}
Need to speed up or slow down the ramp-up? Contact us at <protect@stoik.io> and we can adapt the pace to your requirements.
{% endhint %}

### Monitored assets appear automatically in Stoïk Protect

Average time: 5 to 10 minutes after installation.

All protected endpoints appear automatically in `MDR` > `Monitored Assets` in Stoïk Protect.

<figure><img src="/files/zc9YH3boKREEYjSTkCXe" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
If a workstation is renamed, its name is automatically updated in the monitored assets list.

It is not possible to rename a workstation directly from the list.
{% endhint %}


