July 2024 Crowdstrike Windows Fix
There are two methods to repair systems affected by the Crowdstrike issue.
The Automated Tool. You need to be on campus and connected directly to the network (not wireless). This is the easiest solution.
The Manual Method. Use this method if off-campus or using wireless on or off campus. The steps are fairly straightforward but you will need to follow instructions carefully and enter commands exactly as written.
1. Automated Tool (on Campus with a Wired Network Connection Only):
Restart your machine (either by powering on the computer or using the Restart button on the blue screen).
As the system restarts, press F12 on the keyboard repeatedly until you see a boot menu.
Note: if you are using a wireless keyboard, you may need to hold the Fn key constantly while hitting F12 to activate the Function key.
You should see a screen with the option Onboard NIC (IPV4) on the left-hand column.
Find and select the option that includes the words IPV4 (IPv4) or PXE. You may need to use your mouse or keyboard to highlight the right option. Press ENTER to select this option.
Your computer will reboot.
If you are prompted with a Boot Menu after the reboot, select the option that says IPV4 (IPv4) or PXE and hit Enter again.
If you see this screen, just hit Enter
On the next screen (below), use the keyboard to scroll down to select LTS Crowdstrike Fix and hit Enter.
Depending on the network speed in your building, you may or may not see the following screen:
A white/gray blank screen will pop up next. This is normal (wait). The blank screen will change to the screen in step 10.
After a few moments, you will see this screen.
The computer should automatically reboot and you should be able to log back in. If this fix does not work, you may try the Manual Method listed below.
2. Manual Method (more steps but can be done from any location, on or off campus)
If you do not feel comfortable attempting this method, please submit a helpdesk ticket here.
On the Windows 10 or 11 recovery screen, please click “See advanced repair options.”
On the Troubleshoot window, click “Advanced options.”
On the Advanced options menu, click on “Command Prompt.”
Now the system will prompt you to unlock the drive with the Bitlocker recovery key. To obtain the BitLocker recovery key, use one of the following websites:
If the Drive Label starts with FS************, use https://mbam3.lehigh.edu/selfservice
If the Drive Label starts with AP************, use My Account
Important: Before you press Continue, note the first 2 letters adjacent to the Drive Label at the bottom of the screen (either FS or AP).
If you have any issues getting the recovery key, please put in a helpdesk ticket here.
If you enter your Bitlocker key successfully, a command prompt window will appear:
At the command prompt, type this command: wmic logicaldisk list brief
A listing of device information displays. Find the WINDOWS VolumeName. Note the DeviceID that is on the same line. In this case, the DeviceID on the same line as WINDOWS is C:
Next, type the command below at the command line. Type the text exactly using your DeviceID letter where you see the green highlighted example. In this example, the example DeviceID letter C: is highlighted green.
del /p C:\windows\system32\drivers\CrowdStrike\C-00000291*.sys
Then you will get a confirmation message that says “Are you sure you want to delete that file?” Make sure you have the right file, ending 291*.sys, then press Y.
Finally, click X to close the black window and restart your computer.
If neither method works for your computer, please submit a helpdesk ticket here.
For immediate help, contact the LTS Help Desk (Hours)
EWFM Library | Call: 610-758-4357 (8-HELP) | Text: 610-616-5910 | Chat | helpdesk@lehigh.edu
Submit a help request (login required)