What should you do if certificate pinning or SSL inspection cannot be disabled while using CrowdStrike?

Whitelisting Falcon traffic from SSL inspection is the correct approach when certificate pinning or SSL inspection cannot be disabled while using CrowdStrike. This method allows the Falcon agent to operate effectively without interference from SSL inspection, which can disrupt secure communications and lead to performance issues or incomplete data collection. By whitelisting the specific traffic related to CrowdStrike, you ensure that the agent has the necessary access to send telemetry data and receive updates, all while maintaining the required security protocols.

Changing the network settings to allow all traffic could compromise security by exposing your network to potential threats. Uninstalling the sensor would eliminate the protection provided by CrowdStrike and should only be a last resort. Ignoring SSL settings could result in the Falcon agent being unable to communicate properly, leading to performance degradation and a lack of visibility of threats. Thus, whitelisting is the best practice in this scenario.