The update isn't rolled out via an agent update. The update is a detection controlled by CrowdStrike, and it is how their solution operates. It is a fairly black-box solution that handles detections on its own. It is one of the reasons why SOCs love it: they can focus on triage rather than tuning, since many orgs don't have the in-house expertise or resources to create detections for all the latest threats. Outsourcing security like this has a huge cost, though, as we see.
