Findings
Generator
Configuration
Lucidum Reverse
Architecture
Statistics
← All Findings
Vendor:
CrowdStrike Falcon
FIN-615
Weight:
5
4
3
2
1
Confidence:
High
Medium
Low
Edited:
2026-03-06 18:14
Verified
What It Detects
A Falcon sensor in Reduced Functionality Mode (RFM) is installed on an unmanaged (shadow IT) asset. RFM typically requires manual intervention to resolve — usually a sensor update or OS/kernel compatibility fix. On an unmanaged asset with no designated owner or IT governance, the RFM condition will persist indefinitely because no one is responsible for maintaining the endpoint. This means the asset has permanently degraded security protection with no remediation path through existing IT processes.
MITRE ATT&CK Techniques
Comma-separated, e.g. T1078, T1190
Checks
read-only
Field
Operator
Value
Status
equals
rfm
IT Managed (True/False)
equals
False
Remediation
×
×
×
×
+ Add item
Why It Matters
×
×
×
+ Add item
Save Changes
Export Lucidum