How to fix CrowdStrike BSODs in three minutes — fix requires manual changes, but they are simple


If your machines have been impacted by the recent CrowdStrike outage, then this is the how-to for you. Users across the globe have been impacted by the infamous Blue Screen of Death (BSoD), triggered by CrowdStrike’s update of its Falcon Sensor application. An application designed to protect your machines from malicious threats is now the source of one of the largest outages in recent memory. Below we have instructions that can fix the issue in just a few moments.

The official fix, as detailed below, comes from CrowdStrike and effectively sees us regressing the update to a previous working state. Whether this will be automated in the future remains to be seen. 

If you have been affected by the CrowdStrike outage, here are the steps to fix it. Note that these steps must be completed for every affected machine. At the time of writing, no automated service can do this, so your sysadmin or IT support team will be busy for the next few days.

  1. Boot your Windows system into safe mode or the Windows Recovery Environment (winRE) by first powering up your machine until a manufacturer's logo is visible. Press and hold the power button for ten seconds to turn off the machine. Repeat this process once more.
  2. Press the power button again to power up and the machine will boot to the winRE.
  3. From the option menu select Troubleshoot >> Advanced Options >> Startup Settings >> Restart.
  4. Select option 5 or press F5 to restart the machine in safe mode with Networking.
  5. Wait for the machine to boot into the safe mode desktop.
  6. Open the File Manager and navigate to C:\Windows\System32\drivers\CrowdStrike.
  7. Look for and delete any files that match the pattern "C-00000291*.sys".
  8. Reboot as normal.

You should now be able to boot into and use your Windows PC as normal.
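Steps 6 and 7 can also be carried out from a PowerShell prompt once the machine is in safe mode. The script below is an added example, not part of CrowdStrike's guidance or the original article; it assumes an elevated prompt and uses only the directory and file pattern given in the steps above. It lists what it is about to delete, removes the files, and confirms nothing matching the pattern is left.

```powershell
# Added example: scripted form of steps 6-7 (not CrowdStrike's own tooling).
# Save as a .ps1 file and run from an elevated PowerShell prompt in safe mode.
# Pass -WhatIf to list the matching files without deleting anything.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: Windows is installed on C:, as in the path from step 6.
    [string]$DriverDir = 'C:\Windows\System32\drivers\CrowdStrike',
    # Pattern from step 7.
    [string]$Pattern   = 'C-00000291*.sys'
)

if (-not (Test-Path -LiteralPath $DriverDir -PathType Container)) {
    Write-Error "Directory not found: $DriverDir"
    exit 2
}

# -File limits the match to files; -Force also returns hidden/system files.
$targets = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File -Force)
if ($targets.Count -eq 0) {
    Write-Output "No files matching $Pattern in $DriverDir; nothing to do."
    exit 0
}

# Show what will be removed so each machine leaves a record of the change.
$targets | Select-Object Name, Length, LastWriteTimeUtc | Format-Table -AutoSize

foreach ($file in $targets) {
    if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete')) {
        Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
    }
}

# In -WhatIf mode nothing was deleted, so skip the verification step.
if ($WhatIfPreference) { return }

# Verify that no matching file survived (for example, due to a permissions error).
$left = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File -Force)
if ($left.Count -gt 0) {
    Write-Error "$($left.Count) file(s) matching $Pattern remain in $DriverDir."
    exit 1
}
Write-Output "Removed $($targets.Count) file(s). Reboot as normal."
```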

The IT world is currently reeling from this outage, with many questioning how this issue made it to production, when it should’ve been tested before release. This outage may also force companies to add a staging step to their update management policies, testing the updates in an isolated environment before they are pushed live.

Les Pounder

Les Pounder is an associate editor at Tom's Hardware. He is a creative technologist and for seven years has created projects to educate and inspire minds both young and old. He has worked with the Raspberry Pi Foundation to write and deliver their teacher training program "Picademy".

  • JamesJones44
    Only use Windows for gaming and the problem was fixed before it began ;)
  • elforeign
    Thank you! Not affected by the system outage, but this is what the world needs. Clear instructions to solve a problem.
  • NinjaNerd56
    Amen.

    No drama, just here’s how.
  • sepuko
    NinjaNerd56 said:
    Amen.

    No drama, just here’s how.
    Unless you're the poor IT guy who needs to do it on 10s of thousands of PCs, VMs, ATMs and kiosks, this solution is ludicrous, it will cost companies A LOT.
  • vanadiel007
    Blows my mind banks and a whole bunch of others are just applying updates across the board without first testing them in house to ensure they will not cause issues.

    I mean, they were lucky this was not a virus or backdoor that slipped its way into the update process.

    Totally unacceptable that companies just update their machines without checking anything and just blindly trust updates.
  • bill001g
    Sounds like it is much more complex if you have BitLocker on it.

    Can you even think to be the guy who walks into a datacenter with cabinets as far as you can see with multiple servers per cabinet and know you have to physically touch every device... even if the fix is "easy"?
  • Muratus
    sepuko said:
    Unless you're the poor IT guy who needs to do it on 10s of thousands of PCs, VMs, ATMs and kiosks, this solution is ludicrous, it will cost companies A LOT.
    Yea, that will be me. I'm an onsite IT Tech, just got the call to be ready for a busy weekend.
  • Makaveli
    sepuko said:
    Unless you're the poor IT guy who needs to do it on 10s of thousands of PCs, VMs, ATMs and kiosks, this solution is ludicrous, it will cost companies A LOT.
    This is simple until you have to do it in volume.
  • mac_angel
    Doesn't work for me. Fiance works for Roger's Communications remotely. I can't get her laptop to boot into safe mode at all. I was given the recovery key and Admin password from their IT to try, but no luck.

    No access to the BIOS as of yet (to get into Boot Options). I didn't get that password from them. A level 2 tech should be calling at some point, but not expecting it to be today.
  • rgd1101
    What's the laptop? What OS?

    Yeah, it is not that simple. Business PCs/laptops are usually locked down. The user won't have admin access to get to that CrowdStrike folder. For remote, they will have to get the admin account/password to delete a file. And that is without BitLocker.