It seems to be CrowdStrike reacting to the new update.
We have got ours up by the very manual process of:
1. Boot into safe mode.
2. Navigate to C:\windows\system32\drivers\crowdstrike
3. Delete C-00000291*.sys
4. Reboot normally.
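The same manual steps, written out as a PowerShell script; this is an added example, not code from the thread or from CrowdStrike. It assumes the directory and file pattern quoted in the post above, that it is run from an elevated prompt in safe mode (the file is held open by the driver on a normal boot), and a log location of my choosing. It records each matching file's size, timestamp and SHA-256 before deleting it, so the removed file can still be identified afterwards.

```powershell
# Added example, not CrowdStrike's guidance. Inventory the channel files named
# in the thread, log their identifying details, then remove them.
# Assumptions: path and pattern as quoted in the post; log path chosen here.

$driverDir = 'C:\Windows\System32\drivers\CrowdStrike'
$pattern   = 'C-00000291*.sys'
$logPath   = Join-Path $env:SystemDrive 'cs-channel-file-removal.log'   # assumed log location

if (-not (Test-Path -Path $driverDir -PathType Container)) {
    Write-Host "Directory $driverDir not found; is the sensor installed on this host?"
    return
}

$files = @(Get-ChildItem -Path $driverDir -Filter $pattern -File)
if ($files.Count -eq 0) {
    Write-Host "No files matching $pattern in $driverDir; nothing to do."
    return
}

foreach ($f in $files) {
    # Hash and timestamp first, so the record exists even if Remove-Item fails.
    $hash = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
    $line = '{0} {1} size={2} mtime={3} sha256={4}' -f `
        (Get-Date -Format o), $f.FullName, $f.Length, $f.LastWriteTimeUtc.ToString('o'), $hash
    Add-Content -Path $logPath -Value $line

    try {
        Remove-Item -Path $f.FullName -Force -ErrorAction Stop
        Write-Host "Removed $($f.Name); details logged to $logPath"
    } catch {
        # Typically "file in use": the driver still has it open, i.e. not in safe mode.
        Write-Host "Could not remove $($f.Name): $($_.Exception.Message)"
    }
}
```

After the script reports the removals, reboot normally as in step 4; the log file is the only record of what was deleted, so keep it with the incident notes.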
Maybe a stupid question, but why would not reaching an online service (?) blue screen your computer?
I guess if the code acted as if it got a valid response without checking, it could get into a very weird state. Or the code just fails hard.
At the driver level it’s very easy to kill things.
It has a privileged service running locally, csagent.sys, that was crashing, causing the BSOD.
So it got backdoored, or QA is trash, or both at the same time. Hate it when CI builds come so fast you can't verify the latest shipping rootkit.