Businesses worldwide, including airlines, supermarkets, broadcasters, and software providers, are facing widespread disruptions as numerous Windows PCs and computer systems experience outages.
The problem originates from a faulty update in CrowdStrike’s Falcon Sensor software, leading to frequent occurrences of the ‘blue screen of death’ (BSOD) for many users.
How to remove Crowdstrike falcon sensor
Fortunately, CrowdStrike announced at 2:30 a.m. ET that they have identified the problematic update and successfully reverted it. They also shared steps to help affected users:
To resolve the issue:
- Start Windows in Safe Mode or the Windows Recovery Environment.
- Navigate to the directory: C:\Windows\System32\drivers\CrowdStrike.
- Find and delete the file named ‘C-0000029*.sys’.
- Restart the computer normally.
Or use the following commands in Command Prompt:
@echo off
setlocal
rem Define the pattern for the driver file and specify the target directory
set “driver_pattern=C-00000291*.sys”
set “target_dir=C:\Windows\System32\drivers\CrowdStrike”
rem Navigate to the target directory
cd /d “%target_dir%” || (
echo Failed to change directory to %target_dir%
goto :error
)
rem Find the Falcon driver
for %%f in (%driver_pattern%) do (
set “driver_file=%%f”
goto :found
)
echo No driver file matching %driver_pattern% found.
goto :error
:found the driver
set “driver_name=%driver_file:~0,-4%”
rem Disable the Falcon driver
sc config %driver_name% start= disabled || (
echo Failed to disable the driver %driver_name%
goto :error
)
echo Successfully disabled the Falcon driver %driver_name%
rem Restart the System
shutdown /r /t 7
goto :eof
:error
echo An error occurred. Exiting without restarting the system.
endlocal
pause
Nevertheless, implementing these steps across numerous computers in multiple global companies will understandably require considerable time and effort.
At Venak Security, we offer the best endpoint antivirus solutions for your company to ensure your safety. Please explore our services for more information and let us know how we can assist you!
Leave a Reply