Solution for fixing blue screen caused by CrowdStrike


Following the worldwide blue screen of death (BSOD) caused by the CrowdStrike Falcon agent last Friday, IT administrators have certainly been busy handling this major incident. Microsoft has provided solutions that can mitigate the issue. I am sharing some key information here as a reference for fellow tech professionals.

Root cause and symptoms for this issue

As per Microsoft’s investigation, the issue impacts Windows endpoints that are running the CrowdStrike Falcon agent. These endpoints may show an error message on a blue screen and may get stuck in a continual restarting state.

Available solutions for mitigating this issue

For general Windows endpoints, try the following:

  1. Start Windows into Safe Mode or the Windows Recovery Environment.
  2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.
  3. Locate the file matching “C-00000291*.sys” and delete it.
  4. Restart the device.
  5. Recovery of systems requires a BitLocker key in some cases.
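
Steps 2 to 4 above as a PowerShell function for Safe Mode, shown as an added example that is not from Microsoft's or CrowdStrike's guidance: it records each matching file's size, timestamp and SHA-256 before deleting it, then confirms nothing matching remains. The function name, the `-WindowsDir` parameter and the log path are assumptions made for this illustration.

```powershell
# Added example: delete the file from step 3 and keep a record of what was removed.
# Run from an elevated PowerShell prompt in Safe Mode.
function Remove-FalconFile291 {   # hypothetical name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Assumption: Windows lives at C:\Windows. Under the Recovery
        # Environment the OS volume can be mounted under another drive letter.
        [string]$WindowsDir = 'C:\Windows',
        # Hypothetical location for the incident record.
        [string]$LogPath = (Join-Path $env:TEMP 'falcon-c291-removal.csv')
    )

    $dir = Join-Path $WindowsDir 'System32\drivers\CrowdStrike'
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        Write-Warning "Directory not found: $dir (agent not installed, or wrong volume?)"
        return
    }

    # Only the pattern from step 3; nothing else in the directory is touched.
    $targets = @(Get-ChildItem -LiteralPath $dir -Filter 'C-00000291*.sys' -File -Force)
    if ($targets.Count -eq 0) {
        Write-Output "No C-00000291*.sys files in $dir; nothing to do."
        return
    }

    foreach ($f in $targets) {
        # Capture the file's details before it is deleted.
        $record = [pscustomobject]@{
            Path         = $f.FullName
            Length       = $f.Length
            LastWriteUtc = $f.LastWriteTimeUtc.ToString('o')
            SHA256       = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
            RemovedAtUtc = (Get-Date).ToUniversalTime().ToString('o')
        }
        if ($PSCmdlet.ShouldProcess($f.FullName, 'Delete file')) {
            Remove-Item -LiteralPath $f.FullName -Force -ErrorAction Stop
            $record | Export-Csv -LiteralPath $LogPath -Append -NoTypeInformation
        }
    }

    # The step is complete only when no matching file remains.
    $left = @(Get-ChildItem -LiteralPath $dir -Filter 'C-00000291*.sys' -File -Force)
    if ($left.Count -gt 0) { Write-Warning "$($left.Count) matching file(s) still present." }
    else { Write-Output 'No matching files remain. Restart the device (step 4).' }
}
```

Running `Remove-FalconFile291 -WhatIf` first lists what would be deleted without changing anything.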

For impacted Windows Server systems hosted on-premises, the servers might encounter error message 0x50 or 0x7E on a blue screen and experience a continual restarting state:

Refer to KB5042426. Microsoft has released step-by-step guidance with a new USB Recovery Tool to help IT administrators expedite the repair process. You can download it from "New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints" on the Microsoft Community Hub.

Further information

For additional details, see CrowdStrike's statement on the issue:

https://www.crowdstrike.com/blog/statement-on-windows-sensor-update/
