Objective
Corrective actions for CrowdStrike Falcon Sensor issue crashing Windows host
Audience
Environment
The computer may be in recovery mode
Procedure
If the computer is restarting in a loop and does not enter the following screen, contact K-State IT Support
If at the recovery screen, select the following options
IF YOU GET THIS SCREEN AFTER SELECTING COMMAND PROMPT STAY ON THE SCREEN AND CONTACT THE K-STATE IT SUPPORT
Type into the command prompt the following commands:
cd /d C:\\Windows
cd System32\drivers\CrowdStrike
As shown by the picture
Then Type into the command prompt the following command : del "C-00000291*.sys"
There is no success indication after this command is entered. If no error is shown after entering this command, restart your computer.
If in recovery mode:
1. Select "See advanced repair options"
2. Reboot into safe mode or windows recovery environment
3. Navigate to the Command Prompt and select "Run as administrator"
4. When you are in the Command Prompt, please type in: cd C:\Windows\System32\drivers\CrowdStrike
NOTE: There cannot be any spaces behind at the end of the command you input. If it is not the same then it will give an
5. Boot the host normally.
Notes
For customers using Bitlocker - it is a major stumbling block for a manual safe reboot. Decryption keys may need to be distributed.
https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/recovery-process