
Reports of boot issues affecting Windows systems with CrowdStrike security software installed have caused concern in the IT community and chaos for businesses worldwide. While CrowdStrike has now addressed the problem, many IT professionals found themselves scrambling for the cause (and now solutions) in the interim. During this time, several Cimcor users reported successfully leveraging CimTrak to identify and understand these issues. 

Our Senior Engineer, Justin Chandler, has shared a temporary workaround:

  1. Boot the affected system in Safe Mode or Recovery Mode
  2. Navigate to C:\Windows\System32\drivers\CrowdStrike
  3. Locate the driver file matching the pattern "C-00000291*.sys"
  4. Delete this file
  5. Reboot the system

CimTrak played a crucial role in the investigation process for many of our users. One reported that CimTrak detected multiple engineer workstations going offline unexpectedly around 1-1:30 AM. Upon closer inspection, CimTrak logs revealed a series of CrowdStrike driver changes occurring immediately before the systems went offline, specifically involving the C-00000291 driver. 

 

While CimTrak's restore features couldn't be utilized due to the boot failure, the detailed logs provided invaluable insights into the timing and nature of the changes, enabling users to conduct further research and work towards resolving the issue.
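The correlation described above, file changes seen shortly before hosts dropped offline, can be run over any file-change log. This is an added example, not CimTrak's code or log format: the event tuples, host names, the file name suffix, and the 10-minute look-back window are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from fnmatch import fnmatch

WATCH_PATTERN = "C-00000291*.sys"   # pattern named in the workaround above
WINDOW = timedelta(minutes=10)      # assumed look-back before a host drops
DRV = "C:\\Windows\\System32\\drivers\\CrowdStrike\\"
# Constructed sample events: (host, ISO time, changed file path, action).
CHANGES = [
    ("eng-ws-01", "2024-07-18T22:40:00", "C:\\Windows\\Temp\\build.log", "modified"),
    ("eng-ws-01", "2024-07-19T01:05:12", DRV + "C-00000291-00000000-00000032.sys", "added"),
    ("eng-ws-02", "2024-07-19T01:11:47", DRV + "C-00000291-00000000-00000032.sys", "added"),
    ("eng-ws-03", "2024-07-19T01:09:30", "C:\\Users\\dev\\notes.txt", "modified"),
    ("eng-ws-04", "2024-07-19T01:14:02", DRV + "C-00000291-00000000-00000032.sys", "added"),
]
# Constructed sample: time each host stopped reporting to the monitoring server.
OFFLINE = {
    "eng-ws-01": "2024-07-19T01:07:01",
    "eng-ws-02": "2024-07-19T01:13:20",
    "eng-ws-03": "2024-07-19T03:45:00",
}

def changes_before_offline(changes, offline, window=WINDOW):
    """Map each offline host to the file changes seen in the window before it dropped."""
    result = defaultdict(list)
    for host, ts, path, action in changes:
        if host not in offline:
            continue
        gap = datetime.fromisoformat(offline[host]) - datetime.fromisoformat(ts)
        if timedelta(0) <= gap <= window:
            result[host].append((path, action))
    return dict(result)

def common_suspects(per_host, min_hosts=2):
    """File names changed shortly before failure on at least min_hosts hosts."""
    hosts_by_file = defaultdict(set)
    for host, items in per_host.items():
        for path, _ in items:
            hosts_by_file[path.rsplit("\\", 1)[-1].lower()].add(host)
    return {name: sorted(h) for name, h in hosts_by_file.items() if len(h) >= min_hosts}

def at_risk_hosts(changes, offline, pattern=WATCH_PATTERN):
    """Hosts that received a matching file but have not gone offline so far."""
    return sorted({h for h, _, p, _ in changes
                   if h not in offline and fnmatch(p.rsplit("\\", 1)[-1], pattern)})

if __name__ == "__main__":
    per_host = changes_before_offline(CHANGES, OFFLINE)
    print(common_suspects(per_host), at_risk_hosts(CHANGES, OFFLINE))
```

Requiring the same file name on several hosts filters out unrelated per-host changes, and the at-risk list shows which machines to reach before their next reboot.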

CrowdStrike has since acknowledged and addressed the problem. Taking to X for comment, CrowdStrike CEO George Kurtz stated, "CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website."

 

This incident underscores the importance of comprehensive system monitoring and change detection in maintaining IT infrastructure health and quickly identifying the source of critical issues. We're proud that CimTrak continues to be a valuable tool for IT professionals in quickly diagnosing and addressing complex system problems. 

As always, we recommend keeping all your software up to date and following vendor-provided guidelines for addressing known issues. For those affected by this specific CrowdStrike issue, please refer to their official support channels for the most up-to-date information and resolution steps. 

Tags:
News CimTrak
Post by Kayla Kinney
July 19, 2024
Kayla Kinney is a seasoned marketing professional with over 14 years of experience in the industry, honing her expertise in strategic marketing at a leading agency for the previous 6 years. She holds an MBA with a concentration in cybersecurity, combining her passion for marketing with a keen interest in safeguarding businesses and their customers against evolving digital threats. As the Director of Marketing and Communications, Kayla leads strategic marketing initiatives and develops effective communication strategies to promote our cutting-edge security solutions, driving brand awareness industry-wide.

About Cimcor

Cimcor’s File Integrity Monitoring solution, CimTrak, helps enterprise IT and security teams secure critical assets and simplify compliance. Easily identify, prohibit, and remediate unknown or unauthorized changes in real time.