Findings
Generator
Configuration
Lucidum Reverse
Architecture
Statistics
← All Findings
Vendor:
CrowdStrike Falcon
FIN-610
Weight:
5
4
3
2
1
Confidence:
High
Medium
Low
Edited:
2026-03-06 18:15
Verified
What It Detects
A Falcon sensor in Reduced Functionality Mode (RFM) has active threat detections on the host. The sensor is running but operating with degraded capabilities due to kernel or driver incompatibilities, meaning it cannot fully detect, prevent, or remediate the identified threats. This is a dangerous combination: threats have been identified but the primary security tool on the endpoint cannot mount a complete response. Additional threats may also be going undetected due to the reduced sensor capabilities.
MITRE ATT&CK Techniques
Comma-separated, e.g. T1078, T1190
Checks
read-only
Field
Operator
Value
Status
equals
rfm
Threat List
not_empty
Remediation
×
×
×
×
+ Add item
Why It Matters
×
×
×
+ Add item
Save Changes
Export Lucidum