Fix Windows BSOD Issue caused by Crowdstrike Update Major Impact around the Globe

Let’s check whether there is a fix for the Windows BSOD issue caused by the Crowdstrike update. Significant organizations worldwide are impacted, and many news broadcasting agencies are down because their systems are not working.

All Windows 10 computers worldwide are getting this Blue Screen Of Death (BSOD) error. The error is: “Your PC ran into a problem and needs to restart. We’re just collecting some error info, and then we’ll restart for you. 20% complete.”

CrowdStrike is aware of reports of crashes on Windows hosts related to the Falcon Sensor. Symptoms include hosts experiencing a bug check or a blue screen error. Some workarounds have already been given, but you need admin access to fix this issue.

So, IT team intervention is required. The significant impact is that fixing these issues with remote management systems such as Microsoft Intune and SCCM is challenging. You can refer to the Microsoft update on this topic from here.

Microsoft added details to help recover Windows devices with the faulty Crowdstrike update. Joy even did a detailed analysis in Understanding Windows Trusted Boot Integrity Check.

Index
Not All Windows Devices are Impacted
Windows BSOD Issue caused by Crowdstrike Update
Workaround FIX to Windows BSOD Issue caused by Crowdstrike Update
Intune or SCCM can FIX Windows BSOD Issue caused by Crowdstrike Update
PowerShell Script to Fix Windows BSOD Issue Caused by Crowdstrike Update

Is the Windows BSOD Issue caused by Crowdstrike Update impacting Mac- or Linux-based hosts?

According to CrowdStrike, the issue is not impacting Mac- or Linux-based hosts.

Not All Windows Devices are Impacted

Not all Windows devices are impacted. Only devices that have the particular file described below are impacted. Channel file “C-00000291*.sys” with timestamp of 0409 UTC is the problematic version.

• Symptoms include hosts experiencing a bugcheck\blue screen error related to the Falcon Sensor.
• Windows hosts which have not been impacted do not require any action as the problematic channel file has been reverted.
• Windows hosts which are brought online after 0527 UTC will also not be impacted.
• This issue is not impacting Mac- or Linux-based hosts.
• Channel file “C-00000291*.sys” with timestamp of 0527 UTC or later is the reverted (good) version.
• Channel file “C-00000291*.sys” with timestamp of 0409 UTC is the problematic version.

Windows BSOD Issue caused by Crowdstrike Update

Symptoms include Windows 10 hosts experiencing a bugcheck\blue screen (BSOD) error related to the Falcon Sensor. CrowdStrike Engineering has identified a content deployment pertaining to this issue and reverted those changes.

Your organization’s Windows devices are still crashing with BSOD errors because of the Crowdstrike update, so they cannot stay online long enough to receive the reverted channel file.

The BSOD loop error for the Windows BSOD issue caused by the Crowdstrike update reads: “Your PC ran into a problem and needs to restart. We’re just collecting some error info, and then we’ll restart for you. 20% complete.”

This is another error message that you would be able to see for Windows devices. The heading of the error screen shows Recovery.

It looks like Windows didn’t load correctly.
If you’d like to restart and try again, choose “Restart my PC” below. Otherwise, choose “See advanced repair options”
for troubleshooting tools and advanced options. If you don’t know which option is right for you, contact someone you
trust to help with this.

The following are the options you would be able to see after the BSOD screen – See advanced repair options and Restart my PC.

Fix Windows BSOD Issue caused by Crowdstrike Update Major Impact around the Globe – Fig.1

Workaround FIX to Windows BSOD Issue caused by Crowdstrike Update

The manual workaround steps to resolve the issue are given below. They require administrative privileges on your Windows 10 devices, so ensure you have admin access on the devices before you start.

  1. Boot Windows into Safe Mode or the Windows Recovery Environment
  2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
  3. Locate the file matching “C-00000291*.sys”, and delete it.
  4. Boot the host normally.

You will get an error message when you don’t have admin access. Some devices might also give you an error stating that the CrowdStrike folder is not available or missing, as in the following session:

Administrator: X:\windows\system32\cmd.exe
Microsoft Windows [Version 10.0.22621.1702]
(c) Microsoft Corporation. All rights reserved.

X:\Windows\System32>cd drivers

X:\Windows\System32\drivers>cd CrowdStrike
The system cannot find the path specified.

X:\Windows\System32\drivers>cd CrowdStrike
The system cannot find the path specified.

X:\Windows\System32\drivers>_
Fix Windows BSOD Issue caused by Crowdstrike Update Major Impact around the Globe – Fig.2
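
A read-only audit for the "path not found" case in the session above, added here as an example and not code from the original post or from CrowdStrike: that prompt is on X:, the recovery environment's own drive, so the installed Windows volume can sit under a different letter. It assumes PowerShell is available where you run it; the function names are hypothetical, the two timestamps are the ones quoted on this page, and the date is taken from the cutoff in the script further down.

```powershell
# Added example: read-only audit, nothing is deleted.
# Timestamps are the ones quoted on this page; the date is an assumption taken
# from the cutoff used in the CrowdStrikeFix.ps1 script on this page.
$BadStamp  = [datetime]::new(2024, 7, 19, 4, 9, 0, [DateTimeKind]::Utc)   # 0409 UTC, problematic
$GoodStamp = [datetime]::new(2024, 7, 19, 5, 27, 0, [DateTimeKind]::Utc)  # 0527 UTC or later, reverted

function Get-ChannelFileVerdict {
    # Hypothetical helper: classify one file time against the two quoted timestamps.
    param([Parameter(Mandatory)][datetime]$LastWriteTimeUtc)
    if ($LastWriteTimeUtc -ge $GoodStamp) { return 'Reverted' }
    if ($LastWriteTimeUtc -ge $BadStamp -and $LastWriteTimeUtc -lt $BadStamp.AddMinutes(1)) {
        return 'Problematic'
    }
    return 'Review'   # the page gives no guidance for any other timestamp
}

function Find-ChannelFile291 {
    # Hypothetical helper: look on every mounted file-system drive, because the
    # installed OS volume is not necessarily the drive the prompt starts on.
    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        $dir = Join-Path $drive.Root 'Windows\System32\drivers\CrowdStrike'
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -Filter 'C-00000291*.sys' -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    Path             = $_.FullName
                    LastWriteTimeUtc = $_.LastWriteTimeUtc
                    Verdict          = Get-ChannelFileVerdict $_.LastWriteTimeUtc
                }
            }
    }
}

$found = @(Find-ChannelFile291)
if ($found.Count -eq 0) {
    # A BitLocker-protected volume stays invisible here until it is unlocked.
    Write-Output 'No C-00000291*.sys found on any mounted volume.'
} else {
    $found | Format-Table -AutoSize
}
```

Only files reported as Problematic match the version this page says to delete; a Review verdict means the timestamp is neither of the two the page describes.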

Intune or SCCM can FIX Windows BSOD Issue caused by Crowdstrike Update

Are you looking for an enterprise-level solution via Intune or SCCM to FIX the Windows BSOD Issue caused by Crowdstrike Update for 1000s of Windows 10 devices worldwide?

While writing this post, I found no method to fix the issue apart from running the following command with elevated permissions on impacted devices.

Users report that 95% of work devices don’t have admin access, and significant device management tools such as SCCM and Intune can’t function in non-network connected devices. The BitLocker recovery key is another major challenge for enterprises.

Run the following command with elevated permissions -> del C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys


PowerShell Script to Fix Windows BSOD Issue Caused by Crowdstrike Update

The IT community is here to help you fix the issue using a PowerShell script. Note that Crowdstrike has already released a new channel file version to overwrite the one that caused everything to fail. This solution would have worked if the machines booted beyond the BSOD long enough for a GPO or Microsoft Intune script to run.

Source – Automated CrowdStrike BSOD Workaround in Safe Mode using Group Policy · GitHub

# CrowdStrikeFix.ps1
# This script checks for a specific driver file, deletes it if it meets criteria, and reverts Safe Mode

$filePath = "C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys"
# Get-Date returns local time; convert it so the comparison with LastWriteTimeUtc is UTC against UTC
$cutoffTime = (Get-Date "2024-07-19 04:27:00Z").ToUniversalTime()

if (Test-Path $filePath) {
   # The wildcard can match more than one file, so check each match separately
   foreach ($file in Get-Item $filePath) {
       $fileTime = $file.LastWriteTimeUtc

       if ($fileTime -lt $cutoffTime) {
           Write-Output "[MATCH] BAD C-00000291*.sys found. Timestamp: $($fileTime.ToString('yyyy-MM-dd HH:mm:ss'))"
           Remove-Item -Path $file.FullName -Force
           Write-Output "Deleted: $($file.FullName)"
       } else {
           Write-Output "[NONMATCH] GOOD C-00000291*.sys found. Timestamp: $($fileTime.ToString('yyyy-MM-dd HH:mm:ss'))"
       }
   }
} else {
   Write-Output "[NONMATCH] C-00000291*.sys not found."
}

# Revert Safe Mode Boot after Fix
# {current} is quoted because PowerShell parses unquoted braces as a script block
bcdedit /deletevalue '{current}' safeboot


Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His primary focus is Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.
