https://github.com/cookiengineer/fix-crowdstrike-bsod

:computer: Remove the broken CrowdStrike update(s) from a target machine
https://github.com/cookiengineer/fix-crowdstrike-bsod

Last synced: 2 months ago
JSON representation

:computer: Remove the broken CrowdStrike update(s) from a target machine

• Host: GitHub
• URL: https://github.com/cookiengineer/fix-crowdstrike-bsod
• Owner: cookiengineer
• License: gpl-2.0
• Created: 2024-07-20T02:29:59.000Z (11 months ago)
• Default Branch: main
• Last Pushed: 2024-07-20T10:08:17.000Z (11 months ago)
• Last Synced: 2025-03-28T12:11:35.325Z (2 months ago)
• Language: Go
• Size: 12.7 KB
• Stars: 0
• Watchers: 1
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE_GPL2.txt

Awesome Lists containing this project

README

        

# Fix Crowdstrike BSOD

This little tool fixes the Crowdstrike Blue Screen of Death,

also known as the Crowdstrike Boot Loop Screen.

# Cause

On 2024-07-18, CrowdStrike deployed a defective update which caused

a defective channel file to be created in its drivers folder.

This defective channel could not be created successfully, and the

resulting named pipe which was used to observe IPC communication

cause the Windows Kernel to be stuck in a boot loop.

CrowdStrike Statement:

- [Official Website](https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts/)

- [Web Archive](http://web.archive.org/web/20240720004839/https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts/)

# Solution

This small tool is written in `go` to be usable without external

dependencies and to ease up the task at hand. Download the prebuilt

binaries from the Releases section here on GitHub for your convenience,

and put it on a USB flash drive.

1. Prepare USB flash drive with the `fix-crowdstrike_amd64.exe` on it.

2. Boot the Windows system into `Safe Mode` or the `Windows Recovery Environment`.

3. Insert and Mount the USB flash drive, open the folder in the Explorer.

4. Right Click / Run As Administrator on `fix-crowdstrike_amd64.exe`.

5. Reboot the machine for the last time, it not crash now.

# How to boot the device into Windows Safe Mode

Microsoft Support Documentation: [Article](https://support.microsoft.com/en-us/windows/start-your-pc-in-safe-mode-in-windows-92c27cff-db89-8644-1ce4-b3e5e56fe234#WindowsVersion=Windows_10)

TL;DR:

1. Hold down the power button for 10 seconds to turn off your device.

2. Press the power button to turn on your device.

3. On the first sign that Windows has started (for example, the manufacturer's logo is shown), hold down the power button for 10 seconds to turn off your device.

4. Press the power button to turn on your device.

5. Again when Windows starts, hold down the power button for 10 seconds to turn off your device.

6. Again press the power button to turn on your device.

7. Allow your device to fully bootup. You will enter Windows Recovery Environment.

8. Select `Troubleshoot` / `Advanced Options` / `Startup Settings`.

9. After your device restarts, you'll see a list of options. Select option 5 (by pressing `F5`) for Safe Mode with Networking.

# License

GPL2