CrowdStrike Sysadmin automatic fix


This post is for system administrators who manage a large collection of systems affected by the CrowdStrike Blue Screen of Death. The solution is a batch fix for those who use a PXE server or a USB stick.

What is the fix?

Use the WinPE image found in the ADK (Assessment and Development Kit) and use wimlib to mount the WinPE image.

Once you have mounted this image, modify the startnet.cmd and add:

del C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys

exit

Save the file. If the machine is encrypted with BitLocker, you need to enter the BitLocker key as the serial number on the WinPE image before you unmount it.

Now you can unmount the WinPE image. Copy the WinPE image to your PXE server or use Rufus to write the image to a bootable USB.
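The mount, edit and unmount steps above can be scripted so every image is built the same way. The following is an added example, not part of the original post: the function names, the mount point, the drive-letter list and the Windows/System32 path inside the image are assumptions, and it expects the target volume to be readable (not locked by BitLocker). The generated startnet.cmd checks several drive letters because WinPE does not always map the installed Windows volume to C:.

```shell
# Added example, not from the original post. Paths and drive letters are assumptions.
# Write startnet.cmd into an already-mounted WinPE tree ($1 = mount directory).
write_startnet() {
    target="$1/Windows/System32/startnet.cmd"
    [ -d "$1/Windows/System32" ] || { echo "not a WinPE tree: $1" >&2; return 1; }
    # Keep one backup of the stock file so the change can be reverted.
    if [ -f "$target" ] && [ ! -f "$target.orig" ]; then cp "$target" "$target.orig"; fi
    # Quoted heredoc: %%d must reach cmd.exe unexpanded. awk adds CRLF line endings.
    # The stock file is replaced, so wpeinit is written back as the first command.
    awk '{ printf "%s\r\n", $0 }' > "$target" <<'EOF'
@echo off
wpeinit
rem WinPE may not map the installed Windows volume to C:, so check each letter.
for %%d in (C D E F G H) do (
  if exist "%%d:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys" (
    echo Removing channel file on %%d:
    del /f /q "%%d:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys"
  )
)
exit
EOF
}

# Mount image 1 of the WinPE .wim read-write, patch it, and commit the change.
# Usage (constructed path): patch_wim /srv/tftp/boot.wim
patch_wim() {
    wim="$1"; mnt="${2:-/mnt/winpe}"
    mkdir -p "$mnt"
    wimlib-imagex mountrw "$wim" 1 "$mnt" || return 1
    if write_startnet "$mnt"; then
        wimlib-imagex unmount "$mnt" --commit
    else
        wimlib-imagex unmount "$mnt"   # no --commit: discard a failed edit
        return 1
    fi
}
```

Boot one test machine from the rebuilt image before publishing it on the PXE server, and remove the image from the server once remediation is complete so machines do not keep booting into it.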
