Name resolution (DNS) is unavailable when a Falcon host is in Network Contained mode. To scan Falcon Network Contained hosts, you must allow access to Malwarebytes Content Distribution Network (CDN). Falcon Network Contain is limited to static IP addresses.
Add the following static IP addressed to the Falcon Containment Policy:
- In your CrowdStrike dashboard, select Configuration, then click Containment Policy.
- Click Add.
- Enter each Name and IP Range individually:
Friendly Name IP Range Malwarebytes Download 34.234.177.227 Malwarebytes License Verification 54.144.41.233 Malwarebytes Heuristics Download CDN 205.185.208.98 - Click Save to confirm your policy configurations.
- Verify that Falcon host in Network Contained mode can reach the above static IP addresses.
For additional setup configuration, see: Setup Malwarebytes Remediation for CrowdStrike.
Return to the Malwarebytes Remediation for CrowdStrike integration guide.