Fix CrowdStrike Falcon BSOD Error on Windows & Azure

Juniya Sankara

July 23, 2024

Hello everyone, I am sure you have heard about the HUGE error caused by US cybersecurity company Crowdstrike that literally brought some of the biggest companies to a standstill.

The recent update to CrowdStrike Falcon has affected numerous systems worldwide, disrupting many airports, railways, telecom companies, media organizations, and even the NHS(UK).

Major companies such as Delta airlines, various banks, and stock exchanges all over the world experienced significant outages due to this issue, leading to Blue Screen of Death (BSOD) errors on numerous Windows systems, including personal computers, servers, and Azure cloud services. This post will guide you through the steps to resolve this issue and get your systems back to normal operations.

You can also view the video below to fix or read the step by step instructions below;

CrowdStrike Host Self-Remediation for Remote Users with Local Administrator Privileges

Fixing the BSOD Error on Windows Servers and PCs

1. Boot into Safe Mode or Windows Recovery Environment:

Turn off your device by holding the power button for 10 seconds.
Turn it back on and on the Windows sign-in screen, hold the Shift key, click the Power icon, and select Restart.
If the BSOD occurs before completing this step, keep restarting until the Recovery screen appears.

2. Navigate to the CrowdStrike Directory:

Go to C:\Windows\System32\drivers\CrowdStrike.
Locate and delete any files starting with C-00000291*.sys.

3. Alternative Methods:

Command Prompt: Right-click Start, select Run, type ‘cmd’ and press Enter. Navigate to the CrowdStrike directory using cd C:\Windows\System32\drivers\CrowdStrike and delete the files using del C-00000291*.sys.
Registry Editor: Open the Registry Editor and navigate to HKLM:\SYSTEM\CurrentControlSet\Services\CSAgent\Start. Change the value from 1 to 4 to disable the csagent.sys from loading.

4. Restart Device:

Restart the computer to see if the issue is resolved.

Fixing the BSOD Error on Azure Services

1. Recovery Options for Azure Virtual Machines:

Reboot the affected virtual machines up to 15 times.
If this does not resolve the issue, restore the VM from a backup taken before the issue started.

2. Microsoft Recovery Tool:

Microsoft has provided a recovery tool that network administrators can use to create USB bootable media. This can speed up the recovery process for the affected system.
Download the tool, extract the files, and run the script using PowerShell to prepare the USB drive.
Use the USB drive to boot into the Windows Recovery Environment on the affected VM and follow the instructions to delete the problematic CrowdStrike files

Still need some help?

For Windows Servers and PCs:

CrowdStrike Support:
- CrowdStrike Contact Us Page
- CrowdStrike Blog on Falcon Content Update
Microsoft Support:
- Microsoft Recovery Support for CrowdStrike Issue

For Azure Virtual Machines:

Azure VMs Support:
- Azure Recovery Options for Affected VMs

Community Poll

Loading poll ...

Coming Soon

Have You Experienced the CrowdStrike Falcon BSOD Error?

{{ row.Answer_Title }} {{ row.Answer_Title }} {{row.tsp_result_percent}} % {{row.Answer_Votes}} {{row.Answer_Votes}} ( {{row.tsp_result_percent}} % ) {{ tsp_result_no }} {{row.tsp_result_percent}} % {{row.Answer_Votes}} {{row.Answer_Votes}} ( {{row.tsp_result_percent}} % ) {{ tsp_result_no }}

That pretty much does it, good luck in fixing this issue, if you have more issues, contact us or leave a comment.