Global BSOD

[visibleman]

Where is the folder located?

del "C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys"

 

[squerble]

I run the European IT for a bank, Do I get to have an opinion or not?

...and I'm in charge of a team looking after a medium-sized University's entire Windows server infrastructure. If your opinion doesn't count, mine definitely doesn't?

EDIT: A university *not* using Crowdstrike, I might add.

 

[Sinbad2000]

we've been slowly recovering the boxes manually..

detach disc
attach to another instance that is running
remove file
re-attach
reboot

back online..

it's a Friday special for sure.

There must be an ansible playbook for that

 

[Dirk Diggler]

1. Boot Windows into Safe Mode or the Windows Recovery Environment
2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
3. Locate the file matching “C-00000291*.sys”, and delete it.
4. Boot the host normally.

Thanks, no directory there so can't just be solely Crowd Strike.

 

[chrismscotland]

...and I'm in charge of a team looking after a medium-sized University's entire Windows server infrastructure. If your opinion doesn't count, mine definitely doesn't?

EDIT: A university *not* using Crowdstrike, I might add.

Its funny; most of us in here probably work in places that don't use Crowdstrike; its why we have time to sit here and gloat (sorry I mean banter about it!)

 

[Nasher]

Its funny; most of us in here probably work in places that don't use Crowdstrike; its why we have time to sit here and gloat (sorry I mean banter about it!)

Yea, might knock off early today. Nice weather.

 

[413x]

fomo

Yeah this is looking like a good entry point have to say.

 

[Kelt]

del *.* fixes the problem apparently.

 

[Journey]

I've just been telling people to turn it off and on again, then blocking their number before they realise for once that does nothing.

 

[BUDFORCE]

Good thing for us it happened on Friday, our office is usually at >5% capacity. VPN and DCs have gone down so no doubt everyone working from home will be out sunbathing

Check.

 

[Street]

Its funny; most of us in here probably work in places that don't use Crowdstrike; its why we have time to sit here and gloat (sorry I mean banter about it!)

I'm sat here having a quiet Friday morning while my mate over in Germany is losing her mind as all their sites are down. She isn't happy!

 

[NickK]

Anyone scoring the day off for this one?

Who are we blaming, Putin..?

Crowdstrike.. and a botched MSFT update.

Ahh we’ve been having fun. And the legal/claims will echo on for a long time.

I suspect there will be a dual vendor mandate going forward.

 

[Hades]

Small fish, big pool and no one, NO ONE, on this forum is getting hit up to do anything important other than present opinion as fact because they run some car boot sale's EFTPOS system.

As mentioned, if our company was hit then it would absolutely be me getting it fixed.

 

[MrRockliffe]

One of our distributors is completely down - can’t quote or book anything.


Everything is working fine at my company though

 

[Sinbad2000]

del "C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys"

Question to those in the know

Does this have any effect on EDR on the affected server?

 

[[FnG]magnolia]

You have no idea what any of us do

Not stopping a global outage, apparently.

 

[Grim5]

Looks like my work PC did a BSOD due to crowdstrike however after restarting it booted up fine.

 

[RxR]

Not stopping a global outage, apparently.

Says the fella who couldnt stop his tree falling into his pool?

 

[LiE]

Looks like my work PC did a BSOD due to crowdstrike however after restarting it booted up fine.

 

[Journey]

Not stopping a global outage, apparently.

Nope, but we are the ones helping restore the **** up.