CrowdStrike Falcon Sandbox Reviews

Name: CrowdStrike Falcon Sandbox
Brand: CrowdStrike
Rating: 4.1 (7 reviews)

4.1 out of 5

7 reviews
100% willing to recommend

What is CrowdStrike Falcon Sandbox?

CrowdStrike Falcon Sandbox detects threats without impacting endpoint performance, providing users with a seamless experience. It delivers detailed reports for collaboration and offers malware analysis capabilities, identifying potential breaches and suspicious files.

Get the Anti-Malware Tools Buyer's Guide and find out what your peers are saying about CrowdStrike Falcon Sandbox, Microsoft Defender for Endpoint, VirusTotal and more!

CrowdStrike Falcon Sandbox is the #15 ranked solution in top Anti-Malware Tools. PeerSpot users give CrowdStrike Falcon Sandbox an average rating of 8.2 out of 10. CrowdStrike Falcon Sandbox is most commonly compared to Microsoft Defender for Endpoint: CrowdStrike Falcon Sandbox vs Microsoft Defender for Endpoint. CrowdStrike Falcon Sandbox is popular among the large enterprise segment, accounting for 61% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 16% of all views.

Buyer's Guide

Anti-Malware Tools

January 2025

Get the category report

Helped 860,592 peers since 2012

Featured CrowdStrike Falcon Sandbox reviews

Abhimanyu Raj

Senior Consultant at Ernst & Young

These features are probably the most essential for me. I find the notifications and alerts received from CrowdStrike server to be invaluable. They analyze Falcon and provide output regarding any kind of infected malware devices or files. We have seen returns on our investment in more than thousands of instances, which is the most important part for us.

Read full review

Valarie

SOC Technical Lead at a educational organization with 1,001-5,000 employees

It provides a safe way to analyze and review documents that may have sensitive information without uploading them to a public platform. Additionally, provides an easy way to spin up a VM without requiring additional resources and patching of personal or team-managed virtualization. This empowers analysts to fully analyze and understand the behaviors of varying executables and sites. This has enabled our team to provide a better experience to our users by identifying any false positives from our email gateway and promoting security hygiene by reporting phishing emails. An analyst will personally reply to the report with their findings after sandboxing the artifacts.

Read full review

Mahmoud_Yassin

CTSO at Cyb3r

Falcon Sandbox is used to quarantine files, scan them, and ensure there are no malicious threats or IOCs related to these files. It provides threat feed to the CrowdStrike endpoint, assisting in detection and response. It is used in the client's environment, where Mahmoud's team implements and…

Read full review

CrowdStrike Falcon Sandbox mindshare

As of July 2025, the mindshare of CrowdStrike Falcon Sandbox in the Anti-Malware Tools category stands at 1.3%, up from 0.9% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Anti-Malware Tools

Key learnings from peers

Last updated May 18, 2025

Valuable Features

CrowdStrike Falcon Sandbox is valued for threat detection without affecting endpoint performance. Its detailed reporting, malware analysis, and threat feeds enhance security. Interactive features aid incident response. It offers policy-based alerts, vulnerability assessment, and behavioral monitoring, with cloud-based management ensuring easy maintenance. Users benefit from endpoint management, compliance checks, and reducing false positives. Automatic sandboxing and signature generation assist in mitigating detections, delivering significant returns and seamless user experiences.

"On a scale of 1-10, I rate CrowdStrike Falcon Sandbox a 10 out of 10."
"CrowdStrike is an excellent tool for managing all endpoint-related security tasks."
"CrowdStrike is an excellent tool for managing all endpoint-related security tasks."

Room for Improvement

CrowdStrike Falcon Sandbox requires improvement in the support of additional operating systems such as MacOS and Windows 11. The technical support can be slow and communication can lag. The interface is cluttered and challenging to navigate. The tool faces integration issues with SOAR products and needs enhanced behavior detection. Installation problems occur during mass deployment, leading to agent corruption. There is a limitation with malware analysis for files over one GB in size.

"The CrowdStrike support is not good; the support team does not come remotely, and we repeatedly ask them to collect logs and analyze them before providing a solution via email."
"While CrowdStrike is a powerful tool, the user interface is cluttered with many features, making it challenging to navigate."
"While CrowdStrike is a powerful tool, the user interface is cluttered with many features, making it challenging to navigate."

Pricing

CrowdStrike Falcon Sandbox is considered expensive, rated around seven out of ten in terms of cost, primarily due to its usage-based pricing model that factors in the number of endpoints and required features. While the tool is not the most affordable option, users find it provides some value for money. Pricing may vary, reflecting its position above mid-range compared to other vendors in the cybersecurity industry.

"Price-wise, the tool is a bit above mid-range, maybe 7 out of 10, where 10 is the most expensive."
"CrowdStrike Falcon Sandbox is not cheap; however, whether it should be more affordable is a decision best left to the company."

Popular Use Cases

CrowdStrike Falcon Sandbox is used primarily for detecting hidden malware and quarantining files to ensure system security. It assists in investigating URLs, analyzing suspicious files, and providing threat intelligence for detection and response. Organizations use it for endpoint security, malware detection, threat analysis, real-time monitoring, and to support various security alerting activities. Falcon Sandbox is integrated into environments with diverse users and documents, enhancing safety against potential malicious threats.

Service and Support

CrowdStrike Falcon Sandbox customer service is noted for being fast and responsive, often resolving tickets in under 24 hours. Customers report receiving timely and informative responses, with specific praise for tiers like the world tier offering exceptional service. Some users rate it highly, though there are others who find the support lacking, citing issues with remote assistance and log collection delays. Responses typically occur within two hours, with rapid resolution thereafter.

Deployment

Users expressed that CrowdStrike Falcon Sandbox's initial setup was generally easy, especially for the cloud version, which required minimal effort. Integration typically completes in one day. However, there is a learning curve in creating effective policies, which can take up to a month due to the need to understand user behavior. During this period, the support team provides valuable assistance to ease complexities.

Scalability

CrowdStrike Falcon Sandbox demonstrates impressive scalability, supporting a wide range of organizations from small businesses to large enterprises. It consistently receives high ratings for scalability, with users appreciating its capability to handle growth efficiently. While many recognize its effectiveness, some suggest it may be financially accessible primarily to large entities rather than smaller ventures.

Stability

Clients report no issues regarding CrowdStrike Falcon Sandbox's stability. Many describe it as good and stable, ranking it at eight out of ten. Although not deemed 100% stable by some, it maintains high marks in reliability.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Anti-Malware Tools Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

16%

Computer Software Company

12%

Comms Service Provider

11%

Government

Educational Organization

Media Company

Healthcare Company

Manufacturing Company

University

Energy/Utilities Company

Real Estate/Law Firm

Performing Arts

Hospitality Company

Retailer

Leisure / Travel Company

Logistics Company

Recruiting/Hr Firm

Renewables & Environment Company

Construction Company

Security Firm

Insurance Company

Sports Company

Transportation Company

Wholesaler/Distributor

Outsourcing Company

Pharma/Biotech Company

Compare CrowdStrike Falcon Sandbox with alternative products

Learn more about CrowdStrike Falcon Sandbox

CrowdStrike Falcon Sandbox is designed for threat detection, offering a comprehensive approach to identifying hidden malicious programs and analyzing harmful URLs. Its integration allows for seamless evaluation of files and sandboxing of email links and attachments, supporting threat detection and response. Users value its capabilities in network connection recording, metadata analysis, and threat ratings, although some express a need for MacOS and Windows 11 support and improved SOAR integration.

What are the key features of CrowdStrike Falcon Sandbox?

Executive Detonation: Provides a simulated environment for realistic threat analysis.
Human-like Interaction: Emulates user actions for accurate threat identification.
Comprehensive Recording: Tracks network connections, processes, hashes, and fingerprints.
Threat Feeds: Supplies vital information for detecting emerging threats.

What benefits should users expect?

Malware Detection: Effectively identifies and quarantines malware.
Detailed Reports: Facilitates sharing among teams and stakeholders.
Threat Analysis: Assists in evaluating potential breach data.
Efficient Threat Handling: Offers timely identification of suspicious activities.

CrowdStrike Falcon Sandbox is implemented by organizations to strengthen security across email systems and endpoint devices. It is particularly valuable in industries needing thorough threat investigations and rapid responses to potentially harmful content, empowering users with essential threat intelligence.