Skip to main content

How To Fix Crowdstrike BSOD (July 2024) [Full]

These are the steps to fix the BSOD issue caused by csagent.sys.

We assume your computer is on the Recovery Screen

If you do not see this screen seeplease thecontact lastus sectionat of this page.ithelp@phmail.ucdavis.edu

There are 2 methods of fixing this. One uses safe mode, the other uses the recovery command prompt. Both methods will require a bitlocker key. The Safe Mode Method will also require an admin account

Obtaining a Bitlocker Key

To get your bitlocker key, email us at ithelp@phmail.ucdavis.edu and send us your machine's serial number (HP) or service tag (Dell)

(PHS IT Only, We can retrieve the bitlocker key by sending the machine name to the --CrowdStrike Failure Technical Workgroup** Teams group. Someone from their side will respond with the bitlocker key)

Command Prompt Method

This method does not require an admin account

  1. Click on See advanced repair options
  2. Click on Troubleshoot > Advanced Options > Command Prompt
  3. It will now ask you to enter your Bitlocker key, Type it in the box and press enter
  4. You should now see a command prompt,prompt. Carefully type the following commands and hit Enter after each line:
    (Line 2 may wrap if viewing this on a mobile device. Line 2 is one line, not multiple lines)
    C:
    
    • If it gives you an error, see the Find your main drive letter section below
  5. Run the following command and hit enter:
    cd Windows\System32\drivers\CrowdStrike
    
  6. Type the following and hit tab. It should finish the command for you
    del /f C-0000029100000291*.sys
    
  7. The finished commandIt should look something like delthis /fif C-00000291-00000XXX-00000XXX.syseverything Ifis so,done hitcorrectly
    enter.
  8. You can now close the command prompt with the X in the top right corner
  9. In the next screen click the option to Continue To Windows

Your computer should now be back up and running.

Safe Mode Method

This method requires an admin account

  1. Click on See advanced repair options
  2. Click on Troubleshoot > Advanced Options System Startup > Reboot
  3. It will now ask you to enter your Bitlocker key, Enter it and press enter
  4. Select the option to boot into Safe Mode (Usually Option 4)
  5. Log in with admin account
  6. Navigate to C:\Windows\System32\drivers\CrowdStrike
  7. Delete C-00000291-00000XXX-00000XXX.sys
  8. Reboot (Start > Power Icon > Reboot)

Your computer should now be back up and running

Find your main drive letter

If you are using the command prompt method and it gives you an error when typing C: then recovery likely gave your main drive a different letter.

To find the correct letter, do the following:

  1. Run
    diskpart
    
  2. When the diskpart utility shows up type
    list disk
    
    DISKPART> list disk
    
    Disk ###  Status         Size     Free     Dyn  Gpt
    --------  -------------  -------  -------  ---  ---
    Disk 0    Online          238 GB  5120 KB        *
    
  3. If you have multiple drives, select the one that is for your C drive. Otherwise it is disk 0. Type:
    sel disk 0
    
  4. Run:
    list vol
    
    DISKPART> list vol
    
    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
    ----------  ---  -----------  -----  ----------  -------  ---------  --------
    Volume 0     C   Windows      NTFS   Partition    237 GB  Healthy    Boot
    Volume 1         SYSTEM       FAT32  Partition    260 MB  Healthy    System
    Volume 2         Windows RE   NTFS   Partition    821 MB  Healthy    Hidden
    
  5. In the second column, find the letter for the largest partition. That is the letter you will be using instead of C
  6. Type exit to leave diskpart and return to a normal command prompt
    exit