Fix Crowd Strike BSOD loop automatically using Ivanti EPM

Fix Crowd Strike BSOD loop automatically using Ivanti EPM
  • Tjdeed
  • July 31, 2024
  • No Comments

Fix Crowd Strike BSOD loop automatically using Ivanti EPM, A flawed update to CrowdStrike Falcon sent Windows servers and PCs across the globe into an endless reboot cycle that IT organizations are still working to remediate.

Here an solution to automatically fix the Crowd Strike BSOD loop using ivanti EPM:

  • Login to the console – tools – provisioning – Os provisioning
  • Create a new empty template and name it as Fix Crowdstrike BSOD loop or something similar & meaningful.
  • under action list – pre-OS installation – add action – Type – execute a file – ok
  • go to the newly created action – under target path & file name add the below entry:
  1. %%windir%%\system32\cmd.exe
  • under command line parameters add the below entry :
  1. /C del C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys
  • select Expected return value = 0
  • add another action under action list – pre-OS installation – add action – Type – Reboot/Shutdown – ok
  • apply – ok to save the template
BSOD
  • Create scheduled task by right clicking on the template – add the machine encountering Crowd Strike BSOD loop -start the task.
  • Pxe boot the machine encountering Crowd Strike BSOD loop
  • The machine will then be successfully fixed, reboot & boot as expected .

Video Tutorial at https://www.youtube.com/watch?v=fW_xrIsY3Ao

Note:

  1. The template status will remain active even after the machine has been fixed as just after the fix it rebooted & wont be able to report the core server, however the issue is fixed, if you want to see the task status as success just remote the reboot action from the template & once the task finishes, remote control the machine directly from the task – devices – remote control & reboot.
  2. Reboot action doesn’t need to be removed from the template if used using disconnected template. (offline)
  • If the machines are in a disconnected environment or pxe boot is not available create a bootable usb by usinf disconnected template feature by right clinking the newly created template – disconnected template (offline).
  • Reboot the BSOD loop machine using the bootable usb.
  • The machine will then be successfully fixed, reboot & boot as expected .

For more information about Ivanti services, click here