CrowdStrike Anti Virus Blue Screen Problem and Solution

Windows users around the world, including those running server operating systems, are facing massive outages owing to a new CrowdStrike update, which is leaving PCs stuck on the blue screen (recovery screen). Reports suggest that the issue has led to massive outages at airports, banks, government offices and companies in many sectors across the world.

Windows users across the globe are experiencing the Blue Screen of Death (BSOD) error, which causes the system to suddenly shut down or restart. Microsoft said in a message that the error is caused by a recent CrowdStrike update.

https://support.microsoft.com/en-us/windows/resolving-blue-screen-errors-in-windows-60b01860-58f2-be66-7516-5c45a66ae3c6


https://www.ndtv.com/world-news/microsoft-global-outage-live-updates-microsoft-faces-global-outage-multiple-users-affected-6138975

The issue, which has caused a massive outage, has garnered widespread attention, prompting a response from CrowdStrike. “CrowdStrike is aware of reports of crashes on Windows hosts related to the Falcon Sensor,” the company said. “Our Engineering teams are actively working to resolve this issue.” The company also mentioned that symptoms include hosts experiencing a bugcheck/blue screen error related to the Falcon Sensor.

 

CrowdStrike Anti Virus Blue Screen Problem Solution:

Rename the CrowdStrike folder C:\Windows\System32\drivers\CrowdStrike to something else.

CrowdStrike Engineering has identified a content deployment related to this issue and reverted those changes.

Workaround Steps:

  1. Boot Windows into Safe Mode or the Windows Recovery Environment.
  2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.
  3. Locate the file matching “C-00000291*.sys”, and delete it.
  4. Boot the host normally.

Do not try to search for the file; go directly to the location, otherwise you won’t be able to rename it.

Alternatively, you can rename the folder with the following PowerShell command:

Rename-Item -Path "c:\windows\system32\drivers\crowdstrike" -NewName "crowdstrike.bak"
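
As an added example (not from the original post and not CrowdStrike's own code), steps 2 and 3 of the workaround can be scripted so that only the file matching C-00000291*.sys is deleted and a record of what was removed is kept. The function name and log path are assumptions; run it from an elevated PowerShell prompt in Safe Mode.

```powershell
# Added example: delete only the file named in the workaround steps,
# recording its details first. Function name and log path are hypothetical.
function Remove-FaultyFalconFile {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Directory and pattern are the ones given in the workaround steps.
        [string]$Directory = 'C:\Windows\System32\drivers\CrowdStrike',
        [string]$Pattern   = 'C-00000291*.sys',
        # Assumption: where the removal record is written; change as needed.
        [string]$LogPath   = "$env:SystemDrive\falcon-file-removal.csv"
    )

    if (-not (Test-Path -LiteralPath $Directory -PathType Container)) {
        # In a recovery environment the Windows volume may not be mounted as C:.
        Write-Warning "Directory not found: $Directory"
        return
    }

    $files = @(Get-ChildItem -LiteralPath $Directory -Filter $Pattern -File -Force)
    if ($files.Count -eq 0) {
        Write-Output "No files matching $Pattern in $Directory; nothing to do."
        return
    }

    foreach ($file in $files) {
        # Capture size, timestamp and hash before deletion for the incident record.
        $record = [pscustomobject]@{
            Path         = $file.FullName
            Length       = $file.Length
            LastWriteUtc = $file.LastWriteTimeUtc.ToString('o')
            SHA256       = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            RemovedAtUtc = (Get-Date).ToUniversalTime().ToString('o')
        }
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete file')) {
            Remove-Item -LiteralPath $file.FullName -Force
            $record | Export-Csv -LiteralPath $LogPath -Append -NoTypeInformation
            $record
        }
    }
}

# Preview what would be deleted; nothing is removed with -WhatIf.
Remove-FaultyFalconFile -WhatIf
# To delete without a prompt: Remove-FaultyFalconFile -Confirm:$false
```

Unlike renaming the whole folder, this leaves the rest of the sensor's files in place, and the CSV record shows which hosts were touched and when.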

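Uninstall CrowdStrike / Falcon Sensor with PowerShell Script Batch File

# Read the list of target hosts and the Falcon maintenance token from the file share
$servers = Get-Content -Path '\\FileServer\servers.txt'
$maintenance_token = Get-Content -Path '\\FileServer\maintenance_key.txt'

# Run the uninstall tool on every listed host; prompts once for credentials
Invoke-Command -ComputerName $servers -Credential (Get-Credential) -ScriptBlock {
    # The remote session must be able to read \\FileServer; by default
    # PowerShell remoting does not delegate credentials to a second hop.
    & "\\FileServer\CsUninstallTool.exe" MAINTENANCE_TOKEN=$using:maintenance_token /quiet
}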

Go to Troubleshoot – Advanced Option – Startup Repair
See if Windows startup can repair itself

Go to Troubleshoot – Advanced Option – System Restore
Check to see if you have a restore point you can go back to

If you do not have a Restore Point, go to Troubleshoot – Advanced Option – Startup Settings and click Restart
Upon restart, press 5 to enter Safe Mode
Once in Safe Mode, back up your data if you do not already have a backup
Open Device Manager and check to make sure all your drivers are up to date
Reboot to see if Windows will start normally

If the above fails, go to Troubleshoot – Advanced Options – Reset this PC
Choose to keep your files and apps, just your files or to keep nothing
Then start the Reset

 
1) Enable debugging
2) Enable boot logging
3) Enable low-resolution video
4) Enable Safe Mode
5) Enable Safe Mode with Networking
6) Enable Safe Mode with Command Prompt
7) Disable driver signature enforcement
8) Disable early launch anti-malware protection
9) Disable automatic restart after failure
