As requested…

Addressing the CrowdStrike update issue on remote devices, especially those without keyboards like POS systems, presents significant challenges. These devices often operate in restricted environments where accessing Safe Mode or running recovery scripts is complex.

The lack of input devices complicates manual interventions, while remote management tools might not fully support Safe Mode operations. Ensuring BitLocker recovery and executing scripts without physical interaction requires advanced planning and robust remote management solutions, which might not be feasible for all organisations.

 

USB FIX

It appears that the latest update to CrowdStrike’s Falcon sensor, version 6.58, has been causing widespread Blue Screen of Death (BSOD) errors. To resolve this issue and reverse the update, you can follow these steps while your system is in Safe Mode with BitLocker enabled:

  1. Boot into Safe Mode using the BitLocker recovery key.
  2. Open a command prompt with administrative privileges.
  3. Create a script to switch the update channel. Save this script to a USB drive:

@echo off
REM Stop the sensor service, then uninstall the current CrowdStrike version
sc stop csagent
"C:\Program Files\CrowdStrike\CSUninstallTool.exe" /quiet /norestart

REM Install the previous stable version
msiexec /i "C:\path_to_previous_version\CrowdStrikeSetupVersionN-1.msi" /quiet /norestart

REM Configure the agent to use the previous update channel
reg add "HKLM\SOFTWARE\CrowdStrike\Device" /v UpdateChannel /t REG_SZ /d N-2 /f

REM Restart the system
shutdown /r /t 0

  4. Execute the script from the USB drive.

This process will revert CrowdStrike to a more stable version and switch the update channel to avoid the problematic update.

If you need further assistance or specific files, please contact CrowdStrike support, as they might have additional tools or scripts for this process.

Mass fix for 100 or more remote devices / nodes

To reverse the CrowdStrike update remotely on thousands of desktops, you can create and deploy a script using Group Policy, SCCM, or a similar tool. Here’s a sample PowerShell script that can be used for this purpose:

  1. Create the PowerShell Script:

# Stop CrowdStrike services
Stop-Service -Name "csagent" -Force

# Uninstall the current CrowdStrike version
Start-Process -FilePath "C:\Program Files\CrowdStrike\CSUninstallTool.exe" -ArgumentList "/quiet", "/norestart" -Wait

# Install the previous stable version
Start-Process -FilePath "msiexec.exe" -ArgumentList "/i", "C:\path_to_previous_version\CrowdStrikeSetupVersionN-1.msi", "/quiet", "/norestart" -Wait

# Configure the agent to use the previous update channel
Set-ItemProperty -Path "HKLM:\SOFTWARE\CrowdStrike\Device" -Name "UpdateChannel" -Value "N-2"

# Restart the system
Restart-Computer -Force

  2. Deploy the Script:

Using Group Policy:

Open Group Policy Management Console (GPMC).
Create a new GPO or edit an existing one.
Navigate to Computer Configuration -> Policies -> Windows Settings -> Scripts (Startup/Shutdown).
Add the PowerShell script to the Startup scripts.

Using SCCM:

Create a new package in SCCM.
Distribute the package to the distribution points.
Create a new deployment for the package.
Target the deployment to the appropriate device collection.

  3. Ensure BitLocker Recovery:

Ensure that your deployment tool can handle BitLocker-enabled devices by using a pre-approved BitLocker recovery method or script.
This approach allows you to automate the rollback process across all affected devices in your organisation.
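
A Startup script deployed through Group Policy runs at every boot, so a script that ends in Restart-Computer -Force repeats on each start, and a failed install after the uninstall leaves the device without a sensor. The following is an added example (not from the original post and not CrowdStrike's code) that wraps the same steps with a run-once marker, pre-checks and exit-code checks. The marker path, log path and signer pattern are assumptions; the uninstaller path, MSI path and registry value are the ones given above.

```powershell
# Added example: guarded wrapper for the rollback steps above. Not CrowdStrike or page code.
# Assumptions: marker path, log path and signer pattern are hypothetical; the uninstaller
# and MSI paths are the page's own placeholders.
$ErrorActionPreference = 'Stop'
$Marker      = 'C:\ProgramData\SensorRollback\done.txt'      # hypothetical
$Log         = 'C:\ProgramData\SensorRollback\rollback.log'  # hypothetical
$Uninstaller = 'C:\Program Files\CrowdStrike\CSUninstallTool.exe'
$Msi         = 'C:\path_to_previous_version\CrowdStrikeSetupVersionN-1.msi'
$SignerLike  = '*CrowdStrike*'   # assumption: confirm against a known-good installer

function Write-Log([string]$Message) {
    Add-Content -Path $Log -Value ("{0} {1}" -f (Get-Date -Format o), $Message)
}

function Invoke-Step([string]$File, [string[]]$Arguments) {
    # Fail unless the step exits 0, or 3010/1641 (Windows Installer: reboot required/initiated).
    $p = Start-Process -FilePath $File -ArgumentList $Arguments -Wait -PassThru
    if ($p.ExitCode -notin 0, 3010, 1641) { throw "$File exited with code $($p.ExitCode)" }
    Write-Log "$File exit code $($p.ExitCode)"
}

New-Item -ItemType Directory -Path (Split-Path $Marker) -Force | Out-Null

# Guard 1: a startup script runs at every boot; without this the final restart loops.
if (Test-Path $Marker) { exit 0 }

try {
    # Guard 2: check everything before removing the sensor, so a failure leaves it installed.
    if (-not (Test-Path $Uninstaller)) { throw "Uninstaller not found: $Uninstaller" }
    if (-not (Test-Path $Msi)) { throw "Installer not found: $Msi" }
    $sig = Get-AuthenticodeSignature -FilePath $Msi
    if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notlike $SignerLike) {
        throw "Installer signature check failed: $($sig.Status)"
    }

    Stop-Service -Name 'csagent' -Force -ErrorAction SilentlyContinue
    Invoke-Step $Uninstaller @('/quiet', '/norestart')
    Invoke-Step 'msiexec.exe' @('/i', "`"$Msi`"", '/quiet', '/norestart')
    Set-ItemProperty -Path 'HKLM:\SOFTWARE\CrowdStrike\Device' -Name 'UpdateChannel' -Value 'N-2'

    Set-Content -Path $Marker -Value (Get-Date -Format o)   # written only after success
    Write-Log 'Rollback complete, restarting'
    Restart-Computer -Force
}
catch {
    Write-Log "Rollback aborted: $_"
    exit 1
}
```

Collecting the log file from each device afterwards shows which machines completed the rollback and which aborted before the sensor was removed.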

https://www.linkedin.com/posts/activity-7219965030736244736-cKey?utm_source=share&utm_medium=member_desktop 

BSOD error in latest #Crowdstrike update
https://lnkd.in/ekPjzjpg

#Microsoft: Outage –
Preliminary root cause: Repost for others

A configuration change in a portion of our Azure backend workloads, caused interruption between storage and compute resources which resulted in connectivity failures that affected downstream Microsoft 365 services dependent on these connections.
https://lnkd.in/eh7xTqU5 for monitoring

AWS users are smiling………………….:) My Mac is fine too