IT Solutions Consulting’s Post

Crowdstrike Falcon Crisis Workaround Steps for Individual Hosts: 1. Reboot the Host: • Connect the host to a wired network (ethernet) for faster internet connectivity. • Reboot the host to allow it to download the reverted channel file. 2. If the Host Crashes Again: a. Boot into Safe Mode or Windows Recovery Environment: • Connect the host to a wired network (ethernet) for faster internet connectivity. • Use “Safe Mode with Networking” for easier remediation. b. Navigate to the CrowdStrike Directory: • For Windows: • Navigate to %WINDIR%\System32\drivers\CrowdStrike. • For Windows Recovery Environment/Preinstallation Environment (WinRE/WinPE): • Navigate to Windows\System32\drivers\CrowdStrike on the OS volume. c. Delete the Specific File: • Locate the file matching the pattern C-00000291*.sys. • Delete this file. d. Boot the Host Normally: • Reboot the host normally. 3. Note: • For BitLocker-encrypted hosts, you may need to provide the recovery key. These steps should help in resolving the issue with the host crashing due to the problematic channel file. #crowdstrike #falcon #DIY##microsoft #systemrecovery

🚨 URGENT FIX FOR WINDOWS OUTAGE!🚨 If you're dealing with the Blue Screen of Death (BSOD) due to the csagent.sys driver issue, follow these quick steps to resolve it and get back on track: 1. Restart and Boot into Troubleshooting Mode   - Restart your computer.   - Press and hold the `Shift` key and repeatedly tap the `F8` key to enter Troubleshooting mode. 2. Open Command Prompt   - Navigate to Advanced Options and select "Command Prompt." 3. Navigate to the CrowdStrike Drivers Folder   - Type `cd C:\Windows\System32\drivers\CrowdStrike` and press Enter. 4. Locate and Delete/Rename the Problematic Driver File   - Type `dir` to list files in the directory.   - Find the file matching "C-00000291*.sys".   - Delete it using `del C-00000291*.sys` or rename it to `donotcrash.sys`. 5. Restart Your Computer   - Close Command Prompt and restart your computer normally. This urgent fix can help businesses and individuals experiencing this critical issue. Please share this post to help others resolve their Windows outage quickly! #WindowsOutage #BSOD #TechSupport #CrowdStrike #QuickFix #TechTips #ITSupport #UrgentFix #Windows10 #Windows11 #LinkedInTech #Productivity

This morning servers and workstations worldwide have blue screens of death from an update from Crowdstrike. Travel, banking and businesses hit hard. If you’re affected, here is an easy fix. Crowdstrike PC and Server Fix: 1. Click See Advanced Repair Options 2. Click Troubleshoot 3. Click Command prompt and type the following pressing enter after each command 4. pushd C:\Windows\System32\drivers\Crowdstrike 5. del “C-00000291*.sys” 6. exit 7. Click continue. It should reboot now normally. https://lnkd.in/gFQmuh7z

I'm sure those of you who need to see this, have seen this. But for those of you who haven't: 📣 📣 📣 Crowdstrike Workaround 📣 📣 📣 💾 Boot Windows into Safe Mode or the Windows Recovery Environment 💾 Navigate to the C:\Windows\System32\drivers\CrowdStrike directory 💾 Locate the file matching “C-00000291*.sys”, and delete it. 💾 Boot the host normally. Anecdotally running the system file checker: sfc.exe/scannow is also a potential fix. If you're running Bitlocker, I feel your pain in this scenario. For those of you with Windows Deployment tools, it may be quicker to do a mass PXE boot and redeploy. Assuming your Domain Controllers and deployment servers are still up. *** UPDATE *** Apparently fixes are being rolled out from CS. If your machines are staying online long enough for these to apply, you may not need to do the above ****************

If you’ve got a blue screen of death and you have Crowdstrike Falcon deployed in your business this is the fix. 🚨 This will not be a quick fix and will have to be carried out manually on each machine 🚨 Workaround Steps  1. Boot Windows into Safe Mode or the Windows Recovery Environment.  2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.  3. Locate the file matching “C-00000291*.sys” and delete it.  4. Reboot the host normally. Source: https://lnkd.in/gTWsUE7b... https://lnkd.in/gtZQ5TD4

#crowdstrike #microsoft We all know there is a world wide outage becos of crowdstrike attack. some recovery steps for System Users 1- Boot Windows into Safe Mode or the Windows Recovery Environment Navigate to the C:\Windows\System32\drivers\CrowdStrike directory Locate the file matching “C-00000291*.sys”, and delete it, if you are not able to delete the file or if it still doesn’t work, rename the file “csagent.sys”, which is located in the same Crowdstrike directory folder. After the reboot, make sure to check that MS Defender is installed and running Boot the host normally. 2- Next easiest way is .. Reach your Admin team and get the bitlocker key to Recovery.

CrowdStrike has identified a Channel File in the update as the culprit for today's global IT outage. This file can be addressed individually, allowing users to retain the #FalconSensor update. The company has provided the following workaround steps for affected systems: 1️⃣ Boot Windows into Safe Mode or the Windows Recovery Environment. 2️⃣ Navigate to the C:\Windows\System32\drivers\CrowdStrike directory. 3️⃣ Locate and delete the file matching “C-00000291*.sys”. 4️⃣ Boot the host normally. #CrowdStrike Blog: https://lnkd.in/gtZQ5TD4 Microsoft

Windows OS 'Blue Screen of Death' (BSOD) Issue Fixing Steps ! If you're dealing with the Blue Screen of Death (BSOD) due to the csagent.sys driver issue, follow these quick steps to resolve it and get back on track: 1. Restart and Boot into Troubleshooting Mode - Restart your computer. - Press and hold the `Shift` key and repeatedly tap the `F8` key to enter Troubleshooting mode. 2. Open Command Prompt - Navigate to Advanced Options and select "Command Prompt." 3. Navigate to the CrowdStrike Drivers Folder - Type `cd C:\Windows\System32\drivers\CrowdStrike` and press Enter. 4. Locate and Delete/Rename the Problematic Driver File - Type `dir` to list files in the directory. - Find the file matching "C-00000291*.sys". - Delete it using `del C-00000291*.sys` or rename it to `donotcrash.sys`. 5. Restart Your Computer - Close Command Prompt and restart your computer normally. This urgent fix can help businesses and individuals experiencing this critical issue. Please share this post to help others resolve their Windows outage quickly! #WindowsOutage #BSOD #TechSupport #CrowdStrike #QuickFix #TechTips #ITSup

Impacted by the Crowdstrike bug? Here is the manual workaround: 1. Boot Windows into Safe Mode or the Windows Recovery Environment 2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory. 3. Locate the file matching “C-00000291*.sys” and delete it. 4. Restart the computer. <optional next steps.. maybe after you repeat this on 20,000+ machines> 5. Uninstall Crowsdtrike software. Look for another more favorable competing solution. Watch the stock plummet. 6. Vigorously test your backups. from the CrowdStrike Blog: