CSAV – CrowdStrike Antivirus Resource Monitor

The intent of the CSAV tool is to recognize the registered system’s antivirus product and monitor it for resource usage (disk space used, maximum CPU usage, RAM usage etc) and compare the obtained values to other AV products.

CSAV - CrowdStrike Antivirus Resource Monitor
CSAV – CrowdStrike Antivirus Resource Monitor

When a non-CrowdStrike antivirus product is registered on the system, results obtained from monitoring that product will be compared to values previously recorded for CrowdStrike Falcon.

When CrowdStrike Falcon is instead the primary solution on the system, values obtained from monitoring that will be compared to values previously recorded for all other antivirus products.

When you click the CSAV Resource Usage Test – Start button to begin monitoring, the tool queries the Windows Security Center for the registered antivirus product on the system through use of an “official” (although largely undocumented) API (Application Programming Interface).

Once the registered AV is known, the tool can monitor it for resource usage, which includes:

  • Determining how much disk space the AV application takes up.
  • Monitoring the RAM usage of the components of the product.

The tool may also provide the path to the executable on disk responsible for the “Main Product” UI.AV product name , version and RAM / CPU usage.

You can read more and download this tool over here: https://www.crowdstrike.com/resources/community-tools/crowdstrike-antivirus-resource-monitor/

Share