July 2024 Crowdstrike Windows Fix

There are two methods to repair systems affected by the Crowdstrike issue.

The Automated Tool. You need to be on campus and connected directly to the network (not wireless). This is the easiest solution.
The Manual Method. Use this method if off-campus or using wireless on or off campus. The steps are fairly straightforward but you will need to follow instructions carefully and enter commands exactly as written.

1. Automated Tool (on Campus with a Wired Network Connection Only):

Restart your machine (either by powering on the computer or using the Restart button on the blue screen).
As the system restarts, press F12 on the keyboard repeatedly until you see a boot menu.
1. Note: if you are using a wireless keyboard, you may need to hold the Fn key constantly while hitting F12 to activate the Function key.
You should see a screen with the option Onboard NIC (IPV4) on the left-hand column.
Find and select the option that includes the words IPV4 (IPv4) or PXE. You may need to use your mouse or keyboard to highlight the right option. Press ENTER to select this option.
Your computer will reboot.
If you are prompted with a Boot Menu after the reboot, select the option that says IPV4 (IPv4) or PXE and hit Enter again.

If you see this screen, just hit Enter
On the next screen (below), use the keyboard to scroll down to select LTS Crowdstrike Fix and hit Enter.

Depending on the network speed in your building, you may or may not see the following screen:

A white/gray blank screen will pop up next. This is normal (wait). The blank screen will change to the screen in step 10.
Screen says: “Waiting for network, attempt 1 of 20”
After a few moments, you will see this screen.
Screen says: “Network ready!”
The computer should automatically reboot and you should be able to log back in. If this fix does not work, you may try the Manual Method listed below.

If you do not feel comfortable attempting this method, please submit a helpdesk ticket here.

On the Windows 10 or 11 recovery screen, please click “See advanced repair options.”

The See advanced repair options are circled here.

Choose Advanced options.

Choose Command Prompt.

Now the system will prompt you to unlock the drive with the Bitlocker recovery key. To obtain the BitLocker recovery key, use one of the following websites:
- If the Drive Label starts with FS************, use https://mbam3.lehigh.edu/selfservice
- If the Drive Label starts with AP************, use My Account

Important: Before you press Continue, note the first 2 letters adjacent to the Drive Label at the bottom of the screen (either FS or AP).

Enter the recovery key and note the Drive label.

If you have any issues getting the recovery key, please put in a helpdesk ticket here.

If you enter your Bitlocker key successfully, a command prompt window will appear:

X:\Windows\System32> is the command prompt.

Enter the command as shown.

A listing of device information displays. Find the WINDOWS VolumeName. Note the DeviceID that is on the same line. In this case, the DeviceID on the same line as WINDOWS is C:

C: is on the same line as the VolumeName WINDOWS.

Next, type the command below at the command line. Type the text exactly using your DeviceID letter where you see the green highlighted example. In this example, the example DeviceID letter C: is highlighted green.

del /p C:\windows\system32\drivers\CrowdStrike\C-00000291*.sys

Type this command, substituting the drive letter/DeviceID for your device.

Then you will get a confirmation message that says “Are you sure you want to delete that file?” Make sure you have the right file, ending 291*.sys, then press Y.

Confirmation Screen for the file deletion

If neither method works for your computer, please submit a helpdesk ticket here.