
CrowdStrike blue screen issue


As many are aware, there has been an issue with CrowdStrike whereby a faulty channel file has caused many Windows computers to blue screen.

ThreatLocker® detected a significant issue impacting multiple devices running CrowdStrike software in the early hours of the morning on Friday, July 19th, shortly after 11:30 PM EST. ThreatLocker® has not been affected by this issue, as we do not use CrowdStrike internally. However, ThreatLocker® and CrowdStrike have numerous mutual customers.

CrowdStrike's advice is to boot affected machines into Recovery/Safe Mode and delete the files matching "C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys".
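The deletion step from CrowdStrike's advice, written as a PowerShell script for an elevated session on a machine already booted into Safe Mode. This is an added example, not code from CrowdStrike or ThreatLocker; the parameters `WindowsRoot` and `Pattern` are names introduced here, and their defaults are the path and pattern quoted above.

```powershell
# Added example: list, then delete, the channel files named in CrowdStrike's advice.
# -WindowsRoot is an assumption of this example for cases where the Windows
# volume is not mounted as C: (for instance when working on an offline disk).
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    [string]$WindowsRoot = 'C:\Windows',
    [string]$Pattern     = 'C-00000291*.sys'
)

$dir = Join-Path $WindowsRoot 'System32\drivers\CrowdStrike'
if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
    Write-Error "CrowdStrike driver directory not found: $dir"
    exit 1
}

# -Force includes hidden/system files; -File skips directories.
$targets = @(Get-ChildItem -LiteralPath $dir -Filter $Pattern -File -Force)
if ($targets.Count -eq 0) {
    Write-Output "No files matching $Pattern in $dir; nothing to remove."
    exit 0
}

# Show exactly what is about to be removed so it can be recorded.
$targets | Select-Object Name, Length, LastWriteTimeUtc | Format-Table -AutoSize

$failed = 0
foreach ($f in $targets) {
    # ShouldProcess honours -WhatIf and, with ConfirmImpact High, prompts per file.
    if ($PSCmdlet.ShouldProcess($f.FullName, 'Delete channel file')) {
        try {
            Remove-Item -LiteralPath $f.FullName -Force -ErrorAction Stop
            Write-Output "Deleted $($f.FullName)"
        } catch {
            $failed++
            Write-Warning "Could not delete $($f.FullName): $($_.Exception.Message)"
        }
    }
}

# Non-zero exit lets a wrapper or RMM job detect partial failure.
if ($failed -gt 0) { exit 2 }
```

Running it with `-WhatIf` first lists the matching files without deleting anything.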

ThreatLocker® is working on a global solution to remove the problematic CrowdStrike update file from any/all machines running ThreatLocker®.

Solutions for CrowdStrike blue screen

Solutions that have worked for some customers may help you get your machines back online.

  • In the interim, we have published a new Community Storage Control Policy, named "CrowdStrike C-00000291*.sys block", which blocks reads and writes to the files named by CrowdStrike as problematic.
  • Some customers have had success in alleviating the issue by creating a Global Deny policy for CrowdStrike (Built-In), but this approach should be used with caution and only if the above Community Policy does not help.
  • If you contact ThreatLocker support, the Cyber Hero Team can assist you in deleting "C-00000291-00000000-00000032.sys".

If any customers need MDR services, you can contact your ThreatLocker® account manager to have it enabled free of charge.

This blog post will continue to be updated as more information becomes available.
