fbpx
(775) 420-4224
[email protected]
Sierra Miles

Fix CrowdStrike Windows BSOD: Step-by-Step Guide

By Brandon App, Partner at Sierra Miles Group

CrowdStrike Sensor Update Causes BSOD for Windows 10 Users

On July 19, 2024, a significant issue arose for many Windows 10 users as they encountered the dreaded Blue Screen of Death (BSOD) due to a CrowdStrike sensor update. This incident disrupted operations across various sectors, affecting businesses, educational institutions, and more. Here's what happened and how to address the issue.

The Incident

The problem was traced back to a recent update for CrowdStrike's endpoint protection sensors. This update inadvertently caused the csagent.sys driver to malfunction, leading to widespread BSOD errors. Users reported being stuck at the "Recovery" screen with the message, "It looks like Windows didn’t load correctly"​ (Windows Latest).

CrowdStrike's Response

CrowdStrike quickly acknowledged the issue, stating that it was not a result of a security breach but rather a defect in the update. George Kurtz, CEO of CrowdStrike, confirmed that they were actively working with affected customers and had already deployed a fix. He assured users that the issue was isolated to Windows hosts and did not impact Mac or Linux systems​ (Windows Latest, CrowdStrike).

Steps to Resolve the BSOD Issue

If you are experiencing the BSOD issue caused by the CrowdStrike update, here are the steps you can take to resolve it:

  1. Use Safe Mode and Delete the Affected File:
    • Boot into Safe Mode by pressing F8 during startup or using the Advanced Boot Options.
    • Open Command Prompt and navigate to the CrowdStrike directory: cd C:\Windows\System32\drivers\CrowdStrike.
    • Identify and delete the affected file using the command: del C-00000291*.sys.
  2. Rename the CrowdStrike Folder:
    • In Safe Mode, open Command Prompt and navigate to the drivers directory: cd \windows\system32\drivers.
    • Rename the CrowdStrike folder to prevent the faulty driver from loading: ren CrowdStrike CrowdStrike_old.
  3. Modify the Registry to Disable the CSAgent Service:
    • Boot into Safe Mode and open the Registry Editor.
    • Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CSAgent.
    • Change the "Start" value from 1 to 4 to disable the service and prevent it from starting automatically​ (Windows Latest).

These steps should help mitigate the BSOD issue and restore normal operation to your Windows 10 system.

Preventive Measures with RMM Services

This incident highlights the importance of proactive IT management. At Sierra Miles Group, we offer Remote Monitoring and Management (RMM) services to help businesses stay ahead of potential IT issues. Our RMM services include:

  • 24/7 System Monitoring: Continuous surveillance of your IT infrastructure to detect and address issues before they escalate.
  • Automated Maintenance: Routine updates and maintenance tasks are automated to ensure systems are always running optimally.
  • Real-Time Alerts: Immediate notifications of any anomalies or potential threats, allowing for swift action.

By leveraging our RMM services, businesses can ensure their IT environments remain stable and secure. For more information on our RMM services, visit our RMM page.

Call to Action

If your organization has been affected by this or any other IT issue, contact Sierra Miles Group today. We offer expert IT support and cybersecurity solutions tailored to your needs. Reach out to us at (775) 420-4224 or visit our website to learn more about how we can help safeguard your IT infrastructure.

Stay informed and protected with Sierra Miles Group, your trusted IT partner.