How to Fix Blue Screen of Death Caused by CrowdStrike?
- A faulty update from CrowdStrike caused Windows PCs to crash, affecting critical sectors like airlines and hospitals.
- CrowdStrike deployed a fix, but resolving the issue requires manual intervention to delete problematic driver files in Safe Mode.
- Effective solutions include performing a System Restore, deleting the problematic file via Command Prompt in Safe Mode, and disabling the CSAgent service using the Registry Editor.
On July 19, 2024, a faulty update from CrowdStrike, a cybersecurity company used by many critical infrastructure sectors, caused numerous Windows PCs to experience the infamous ‘Blue Screen of Death (BSOD)’. The issue was caused by a faulty patch introducing incompatibility between a Windows update and CrowdStrike’s Falcon sensor.
This led to widespread system crashes and significant disruptions across important sectors, including airlines, hospitals, banking, and police operators. Since then, CrowdStrike has deployed a fix to address the issue. However, resolving the BSOD requires manual intervention, which involves booting into Safe Mode to delete the problematic “sys driver files” that crash the primary CrowdStrike driver.
Now, how can you resolve this mess? Here are some effective solutions for affected users.
1. Perform a System Restore
System Restore, a utility integrated into Windows, allows you to revert your Windows state to a previous restore point. You can use it to undo the changes the CrowdStrike update made to Windows, restoring your system settings and files to their previously stable condition.
How to use System Restore? Here are the steps:
- Power on your computer and immediately long-press the power button to turn it off. Repeat this three times.
- After the third restart, you should see “Preparing automatic repair” along with the Windows loading screen.
- From here, Windows will ask you to “Choose an option”. Here, select the second option, “Troubleshoot”.
- Next, Windows will show a message saying “your PC did not start correctly”. Here, instead of restarting it again, press the “Advanced options” button.
- Once it restarts, you’ll see the Advanced options screen. Here, select “System Restore”.
- Select a restore point before the update caused the issue and follow the prompts to complete the restoration.
If this doesn’t resolve your issue or you don’t have a restore point created, don’t fret just yet; we still have other methods that can resolve this issue.
2. Delete the Problematic File
Safe Mode is a recovery state in which Windows starts with only the essential drivers and services, bypassing problematic software that is causing the Blue Screen of Death or other errors. Here, you can safely delete the CrowdStrike driver file called “C-00000291.sys”, which is what prevents your system from starting normally.
Here’s a step-by-step guide to this process:
- Boot into Advanced options by following the steps explained in the first method, but this time select the Startup Settings option.
- After your PC restarts, you’ll see a list of options. Press the F4 key (or the key corresponding to “Enable Safe Mode”) to start your computer in Safe Mode.
Once successfully in Safe Mode, follow these instructions to delete the problematic file:
- Press the search icon in the taskbar, then type “Command Prompt” or “cmd” and select “Run as administrator”.
- In the Command Prompt, type ‘del C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys’ and press Enter.
- Reboot your computer and check if the issue is resolved.
Normally, this process should go smoothly. However, if your Windows doesn’t let you delete this file, here are some guides that may help you:
- How to delete files and folders that won’t delete in Windows?
- 4 Verified Solutions to Fix ‘Could not find this item’ Error
- How to Take Ownership of Files and Folders?
3. Disable the CSAgent Service
Still stuck? This last method will resolve your issue as it disables the “CSAgent” service, a core component of CrowdStrike’s Falcon endpoint protection platform. While it provides security features such as malware detection, threat prevention, and response capabilities, this core component was also afflicted by the faulty update causing the BSOD.
Disabling this service prevents the faulty CrowdStrike component from loading during system startup, allowing the system to boot and operate normally. To disable this service follow these steps:
- Boot into Safe Mode using the instructions presented in the second method.
- Press Win+R, type “regedit” and hit Enter.
- This will open Registry Editor. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CSAgent.
- In the right pane, find the value named “Start”, double-click it, and change its value data from 1 to 4.
- Get out of Safe Mode by restarting your computer.
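Methods 2 and 3 above as a PowerShell script, for an elevated prompt in Safe Mode. This is an added example, not code from the original article or from CrowdStrike: the function names are hypothetical, while the driver path, file pattern and registry key are the ones given in the steps. Both functions accept -WhatIf for a dry run, and the second reports the previous Start value so it can be put back once a fixed update is installed.

```powershell
# Added example (not from the original article). Function names are hypothetical;
# the path, file pattern and registry key are the ones the steps above use.
$DriverDir = Join-Path $env:SystemRoot 'System32\drivers\CrowdStrike'
$Pattern   = 'C-00000291*.sys'
$SvcKey    = 'HKLM:\SYSTEM\CurrentControlSet\Services\CSAgent'

function Remove-ProblemFile {
    # Method 2: delete every file matching the pattern and report what matched.
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Path = $DriverDir)
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Directory not found: $Path"
        return
    }
    $files = @(Get-ChildItem -LiteralPath $Path -Filter $Pattern -File -Force)
    if ($files.Count -eq 0) { Write-Warning "No file matches $Pattern in $Path" }
    foreach ($f in $files) {
        if ($PSCmdlet.ShouldProcess($f.FullName, 'Delete')) {
            Remove-Item -LiteralPath $f.FullName -Force
        }
    }
    $files | Select-Object Name, Length, LastWriteTimeUtc
}

function Disable-CSAgentService {
    # Method 3: set Start to 4 (disabled) and return the value it had before.
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Key = $SvcKey)
    if (-not (Test-Path -Path $Key)) {
        Write-Warning "Service key not found: $Key"
        return
    }
    $before = (Get-ItemProperty -Path $Key -Name Start).Start
    if ($before -ne 4 -and $PSCmdlet.ShouldProcess($Key, 'Set Start to 4')) {
        Set-ItemProperty -Path $Key -Name Start -Value 4 -Type DWord
    }
    [pscustomobject]@{
        Key         = $Key
        StartBefore = $before
        StartAfter  = (Get-ItemProperty -Path $Key -Name Start).Start
    }
}

# Dry run: lists what would change without changing anything.
Remove-ProblemFile -WhatIf
Disable-CSAgentService -WhatIf
```

Run either function without -WhatIf to apply the change, then reboot as described in the steps.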
Wrapping Up
The widespread BSOD issue made waves on the Internet, with people sharing TikToks of hundreds of people waiting for their flights to be rescheduled and banking systems facing severe disruptions, all due to a single faulty update. However, solutions appeared almost as quickly as the issue did, and this article should hopefully help you fix the BSOD issue in no time.