How to Resolve CrowdStrike BSOD Issues Quickly and with Minimal Effort
Preface
Many methods have been shared on the internet for fixing the blue screen problem caused by the CrowdStrike agent update that broke out earlier today. However, many of these methods require interventions that are hard to manage. Renaming the directory that holds the CrowdStrike agent's files is a generally accepted solution. The operating system deployment task sequence feature of Configuration Manager can be used to rename this folder remotely and automatically. The attached zip file is an export of this task sequence. By importing this file, or by simply building the task sequence yourself, you can rename the CrowdStrike folder on your computers and get the systems up and running quickly.
Steps for Creating and Deploying Fix Task
First, go to the Task Sequences menu under Operating System in Configuration Manager. Right-click and select Create Task Sequence.
Select Create a new custom task sequence and click Next.
Enter a name for the task sequence, then click through the remaining pages to finish the wizard.
A task sequence that has a boot file assigned cannot be deployed to All Systems. For this reason, we deploy the task sequence first, before assigning the boot file, and select the boot file afterwards.
Right-click the task and select Deploy.
In the Collection selection, select “All Systems” and click Next.
I recommend selecting Available in the Purpose section. This makes booting into the task optional for the systems.
Leave the subsequent screens at their defaults and complete the deployment.
Right-click the task and select Properties.
At this stage, we can select the boot file. On the Advanced tab, select the Use a boot image option and choose the appropriate boot file with Browse. In the example below, the x64 boot file is selected. It is important that this boot file contains the drivers needed to boot your systems.
Save by clicking OK.
Finally, we add the following steps to the Task.
- Set Task Sequence Variable
- Run Command Line
- Restart Computer
You need to prepare these items as shown in the screenshots below.
Type: Set Task Sequence Variable
Name: Set Task Sequence Variable
Variable: SMSTSRebootDelay
Value: 5
Type: Run Command Line
Name: Rename CrowdStrike Folder
Command Line: cmd /c ren "C:\Windows\System32\drivers\CrowdStrike" CrowdStrike_old
Command Line: cmd /c ren "D:\Windows\System32\drivers\CrowdStrike" CrowdStrike_old
Info
Depending on the disk configuration of the systems, the system disk may not be assigned the letter C when the system boots with PXE. In this case, it is useful to add several Run Command Line steps in a row, one for each candidate drive such as "C:\" and "D:\". "Continue on error" must be selected on the Options tab of these steps, because the command throws an error when it cannot find the drive.
Type: Restart Computer
Name: Restart Computer
Select “The currently installed default operating system”.
Deselect the Notify option.
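The Info note above handles the unknown drive letter with one Run Command Line step per drive. As an added example that is not part of the original task sequence, the batch script below does the same check in a single step: it looks for the folder on several candidate drive letters and renames it wherever it is found. The file name rename_cs.cmd, the list of drive letters and the return codes are assumptions, and the script is assumed to be delivered through a package referenced by the Run Command Line step.

```bat
@echo off
rem rename_cs.cmd (hypothetical name) - added example, not from the original task sequence.
rem Renames the CrowdStrike driver folder on every candidate volume that has it.
setlocal

rem Folder path relative to the drive root, as used in the steps above.
set "REL=Windows\System32\drivers\CrowdStrike"

rem Candidate drive letters are an assumption; extend the list to match your disks.
set "LETTERS=C D E F G"

rem RC stays 1 unless at least one volume ends up with the folder renamed.
set "RC=1"

for %%L in (%LETTERS%) do (
    if exist "%%L:\%REL%\" (
        if exist "%%L:\%REL%_old\" (
            rem Both folders present: leave them alone so nothing is overwritten.
            echo %%L: CrowdStrike and CrowdStrike_old both exist, not touched
        ) else (
            ren "%%L:\%REL%" CrowdStrike_old
            if errorlevel 1 (
                echo %%L: rename failed
            ) else (
                echo %%L: renamed to CrowdStrike_old
                set "RC=0"
            )
        )
    ) else (
        if exist "%%L:\%REL%_old\" (
            rem Already renamed by an earlier run: count it as success.
            echo %%L: already renamed
            set "RC=0"
        )
    )
)

rem Return 0 when a renamed folder exists on some volume, 1 otherwise.
exit /b %RC%
```

Because a missing drive is skipped instead of raising an error, a non-zero return code from this step means the folder was not found or could not be renamed on any listed drive.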
After this stage, your problematic operating system is booted with PXE and the task is run. After the task renames the folder, the system restarts, and you will see that the operating system now boots properly. It would be useful to prevent CrowdStrike from receiving updates or to ensure that the corrected version is installed.