On July 19, local time, some applications and services under Microsoft experienced access delays, incomplete functions or inaccessibility issues. A large number of Microsoft Windows users around the world encountered blue screens, and related topics became hot searches.
According to media reports, Microsoft Support Center customer service staff said that for the batch of blue screens on computers, they learned that most of the blue screens occurred after the company’s computers installed third-party antivirus software.
Customer service said that it has been confirmed that the blue screen was caused by the update of related antivirus software. In this case, if modifying the driver file name is invalid, it can only be recommended to contact the company’s IT for further processing.
It is understood that after the Sensor of CrowdStrike Falcon was updated today, the kernel driver file csagent.sys caused a large area of Windows system blue screens around the world.
Cybersecurity software company Crowdstrike released a message on its support platform saying that the company has received a large number of reports about blue screens on Windows computers. The company’s engineering department has determined that the problem is related to “content deployment” and has now restored these changes. Affected users are advised to boot their computers into safe mode or recovery environment, navigate to the C:\Windows\System32\drivers\CrowdStrike directory, find the file matching “C-00000291*.sys” and delete it, and the computer can be started normally.
Some netizens suggested that you boot through recovery mode, or restart abnormally multiple times to enter safe mode, and rename the following files to other file names:
C:\Windows\System32\drivers\CrowdStrike\csagent.sys.
Or directly rename the C:\Windows\System32\Drivers\Crowdstrike folder.