There has been a reported issue with CrowdStrike whereby a faulty channel file has caused many Windows computers to blue screen.
ThreatLocker® has not been affected by this issue, as we do not use CrowdStrike internally. However, ThreatLocker® and CrowdStrike have numerous mutual customers.
CrowdStrike's advice is to boot affected machines into Recovery/Safe Mode and delete "C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys".
ThreatLocker® is working on a global solution to remove the problematic CrowdStrike update file from any/all machines running ThreatLocker®.
Solutions for CrowdStrike blue screen
Solutions that have worked for some customers may help you get your machines back online.
- In the interim, we have published a new Community Storage Control Policy, named "CrowdStrike C-00000291*.sys block", which blocks reads and writes to the files named by CrowdStrike as problematic.
- Some customers have had success in alleviating the issue by creating a Global Deny policy for CrowdStrike (Built-In), but this approach should be used with caution and only if the above Community Policy does not help.
- If you contact ThreatLocker support, the Cyber Hero Team can assist you in deleting "C-00000291-00000000-00000032.sys".
Customers who need MDR services can contact their ThreatLocker® account manager to have them enabled, free of charge.
Video Overview
Please watch the video below, in which our CEO Danny Jenkins gives a more detailed explanation of the current CrowdStrike blue screen issue and of how ThreatLocker is striving to provide quick, real-time solutions for our customers during this time.
Please Note: This KB will continue to be updated as more information becomes available.