Duplicate » admin by request

Step-by-Step Guide to Fix the Crowdstrike BSOD

Digital image of a skull amongst some binary, dark blue

If you or your organization was affected by the ‘Blue Screen of Death’ caused by a compatibility conflict within the new Crowdstrike sensor update, the following workarounds will help you fix the Crowdstrike BSOD issue.

Fix the Crowdstrike BSOD Issue

The recommended approach for fixing the issue is to delete the problematic .sys-file – but this requires administrative privileges. Because of the nature of the Crowdstrike issue, the devices can’t boot normally and hence cannot utilize Break Glass accounts etc.

If the user on the device does not have administrative privileges (e.g., if admin rights have been revoked), the following can be attempted to allow the device to boot up:

If the device is on-premises joined:

  1. Start the device in Safe Mode with Internet connection enabled.
  2. Log into the device with an AD user that’s member of the Domain Admins-group.
  3. The logged in user would then have administrative rights of the device.

If the device is Entra ID joined:

  1. Assign the role Microsoft Entra Joined Device Local Administrator to an Entra ID user
  2. Boot the device up in Safe Mode with Internet connection enabled.
  3. Login with the AD user which has the above role assigned to it.
  4. You should then have administrative rights over the device.

Uninstalling the Crowdstrike Console Application:

If you’re unable to access your device via an administrator account, a last resort is to actively uninstall the Crowdstrike Console application. To do this, follow the procedure below:

  1. Generate a CrowdStrike uninstall token from the CS Console.
  2. Start the device in Safe Mode with Internet connection enabled.
  3. Open a CMD-prompt, type in the following, and press Enter:
    • CsUninstallTool.exe MAINTENANCE_TOKEN=<token_from_cs_console> /quiet
    • E.g.: CsUninstallTool.exe MAINTENANCE_TOKEN=a0c76aa097218dc446082 /quiet
  4. Finally, reboot the device.

The above will uninstall the problematic CS application from the device.

Extra Steps: Verify and Update:

  • After running the scripts, ensure that the affected devices are updated to a stable version of the CrowdStrike sensor (currently version 6.56.17010 is recommended).
  • Reduce the number of devices in your QA group for future updates to minimize issues (Reddit)​​.

How the Crowdstrike Debacle Unfolded

On July 20th, 2024, many users encountered a significant issue: the dreaded Blue Screen of Death (BSOD) caused by an update to Crowdstrike’s sensor version 6.58. This problem disrupted operations for organizations across the globe, and was met with urgent need for a solution.

Crowdstrike is a widely-used cybersecurity solution known for its proactive threat detection. However, the update released on July 18th, 2024, caused a BSOD on many systems, specifically those running Windows 10. This issue stemmed from a compatibility conflict within the new sensor update.

The BSOD was due to a conflict between the new Crowdstrike sensor and certain system configurations. Crowdstrike responded by pulling the faulty update and working on a solution to fix the Crowdstrike BSOD issue. However, the immediate concern was to restore affected systems.

Where to Next

Learn more about Admin By Request security solutions here, or download our Free Plan and get started with a POC today.

Want to know more about how this event unfolded? Read ‘The CrowdStrike Debacle: A Love Letter to System Administrators‘ by Patch My PC.

About the Author:

Picture of S Dodson

S Dodson

With a solid background in computer science and graphic design, my career kicked off writing tech manuals for various companies in both the software and hardware realms. I then side-stepped into marketing and found my passion in cybersecurity. I fuse my tech know-how with design skills to craft engaging blogs that spotlight cybersecurity for businesses. My main focus now is championing the marketing efforts of Admin By Request Zero Trust Platform, where my creative take on cybersecurity helps me create content that's enlightening, entertaining, and impactful. My articles have graced the pages of InfoSec Magazine and top-tier security websites like OPSWAT. I'm on a mission to stress the significance of cybersecurity and to showcase how Admin By Request is shaking things up by making enterprise solutions simple, intuitive, accessible, and affordable to organizations of all sizes, in any industry. My goal is to craft content that informs, intrigues, and motivates action, helping businesses understand the pivotal role of cybersecurity in the digital age we're now living in. Through my work, I aim to close the gap between technology and its real-world applications, keeping our audience well-informed, interested, and ready for the ever-evolving cybersecurity landscape. I bring a blend of extensive experience, deep expertise, recognized authority, and unwavering commitment to trustworthiness in cybersecurity. My goal? To make complex topics relatable and actionable for businesses of all sizes - just like Admin By Request strives to do.

Share this blog to your channels:

Get the Admin By Request Free Plan

Fill out the form with your work email and we’ll send your credentials to your inbox.

Book a Demo

Orange admin by request circle tick logo. » admin by request