CrowdStrike BlueScreen Issue

Early on Friday, 7/19/24, the software CrowdStrike, used on many Wharton servers and individual computers, deployed an update that crashed any Windows machines that were up and running at the time. Symptoms include computers experiencing a bug check/blue screen error related to the Falcon Sensor. This is affecting Windows systems globally.

We will continue to update this page with information as it becomes available.

People Who Are Affected

Anyone with a Wharton-managed Windows computer, or is using a Windows computer that is protected by CrowdStrike may be affected if the computer applied updates (possibly automatically) between 12:09AM EDT(4:09 UTC) and 1:27AM (5:27 UTC) on Friday 7/19. A number of Wharton applications and services have also been affected by this issue.

If you experience a blue screen error related to the Falcon Sensor, follow the steps below.

The problem was fixed at 1:27am EST, so any computers that were not up and running during this time  may not have been affected.

Remediation Steps

If your computer has a blue screen, restart it to give it an opportunity correctly reboot itself.

If it continues to show the blue recovery screen, then please submit a ticket to Wharton Computing and someone will reach out to assist you with the recovery steps on your mobile device or a secondary working computer.

If you are on the blue Windows Automatic Repair or Recovery Mode screen, skip to Step 3. If not, follow these steps:

  1.  Turn your computer off by holding the power button down for 10 seconds.
  2. Using your built-in laptop keyboard, hold down the Windows Key and the R key together and press the power button, continuing to hold the Windows Key + R until the blue Recovery screen loads.
  3. Click Automatic Repair or See advanced repair options.
  4. Click Troubleshoot.
  5. Click Advanced options.
  6. Click Command Prompt.
  7. If prompted, enter the BitLocker Recovery Key using your built-in computer keyboard.  If you do not have your BitLocker Recovery Key, please submit a ticket to Wharton Computing and someone will reach out to assist you. 
  8. At the command prompt, type C: and press Enter.
  9. Type the following: 
    cd Windows\System32\drivers\CrowdStrike 
    and press Enter. Note that this should all be typed as a single line, though if you are viewing this article on your phone it may appear as multiple lines.*
  10. Type the following:
     del C-00000291*.sys 
    (five zeros and then 291*) and then press Enter.
    •  If typed incorrectly, you will get an error message saying it could not find the file. Carefully retype the command and hit Enter again.
    •  If you typed it correctly and the file was found, you will see the command line from Step #8 appear again.
      You can proceed to Step #11. 
  11. Click the X at the top right of the Command Prompt window, which will take you back to the Advanced Repair screen. 
  12. Click Continue to exit and boot into Windows. Your machine will reboot successfully. If not, let your IT representative know.

Additional Information

For more details on the issue, see Crowdstrike's announcement.

Questions?

 Contact your Wharton Computing representative.