Corrective actions for CrowdStrike Falcon Sensor issue crashing windows host

Summary

Corrective actions for CrowdStrike Falcon Sensor issue crashing Windows host

Body

 Objective

Corrective actions for CrowdStrike Falcon Sensor issue crashing Windows host

 

 Audience

  • Faculty
  • Staff

 

 Environment  

The computer may be in recovery mode
 

 

 Procedure

If the computer is restarting in a loop and does not enter the following screen, contact K-State IT Support

 

If at the recovery screen, select the following options 

 

IF YOU GET THIS SCREEN AFTER SELECTING COMMAND PROMPT STAY ON THE SCREEN AND CONTACT THE K-STATE IT SUPPORT

Type into the command prompt the following commands:
  cd /d C:\\Windows 
  cd System32\drivers\CrowdStrike 
  As shown by the picture

Then Type into the command prompt the following command : del "C-00000291*.sys" 



There is no success indication after this command is entered. If no error is shown after entering this command, restart your computer.



If in recovery mode:
1. Select "See advanced repair options"
2. Reboot into safe mode or windows recovery environment
3. Navigate to the Command Prompt and select "Run as administrator"

Uploaded Image (Thumbnail)
4. When you are in the Command Prompt, please type in: cd C:\Windows\System32\drivers\CrowdStrike
NOTE: There cannot be any spaces behind at the end of the command you input. If it is not the same then it will give an
5. Boot the host normally.

 

 Notes

For customers using Bitlocker - it is a major stumbling block for a manual safe reboot.   Decryption keys may need to be distributed. 
https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/recovery-process

Details

Details

Article ID: 1189
Created
Fri 7/19/24 7:58 AM
Modified
Fri 7/19/24 1:11 PM