今天laptop不能开机，蓝屏

你蓝了吗， 哈哈. 一早不能开机，然后看新闻全球大面积蓝屏。公司IT让我去公司他们可以fix 。
本来4天半工作制周五关门，结果一群人在那等laptop, IT好忙啊。

Symptoms include hosts experiencing a bugcheck\blue screen error related to the Falcon Sensor. Windows hosts which have not been impacted do not require any action as the problematic channel file has been reverted. Windows hosts which are brought online after 0527 UTC will also not be impacted Hosts running Windows7/2008 R2 are not impacted. This issue is not impacting Mac- or Linux-based hosts Channel file "C-00000291*.sys" with timestamp of 0527 UTC or later is the reverted (good) version. Channel file "C-00000291*.sys" with timestamp of 0409 UTC is the problematic version.
Crowdstrike is currently pushing out the fix, a manual fix incase the push is pending.
Reboot the host to give it an opportunity to download the reverted channel file. If the host crashes again, then: Boot Windows into Safe Mode or the Windows Recovery Environment Note: Putting the host on a wired network (as opposed to WiFi) and using Safe Mode with Networking can help remediation.   Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory Note: On WinRE/WinPE, navigate to the Windows\System32\drivers\CrowdStrike directory of the OS volume Locate the file matching “C-00000291*.sys”, and delete it. Boot the host normally.

小红书上搜一下，进入蓝屏的recovery mode然后装上crowdstrike monitor就可以了。
当然也可以重启试试，有些重启就行了

听说目前temp的solution不能远程解决，所以只有onsite能给到暂时的解决方案，remote的只能等。但是为啥我们公司有的蓝了可是我的没蓝屏，只能继续搬砖😅

汤团圆圆 发表于 2024-07-19 10:40
听说目前temp的solution不能远程解决，所以只有onsite能给到暂时的解决方案，remote的只能等。但是为啥我们公司有的蓝了可是我的没蓝屏，只能继续搬砖😅

你可以重启一下

baidukaohe333 发表于 2024-07-19 10:24
Symptoms include hosts experiencing a bugcheck\blue screen error related to the Falcon Sensor. Windows hosts which have not been impacted do not require any action as the problematic channel file has been reverted. Windows hosts which are brought online after 0527 UTC will also not be impacted Hosts running Windows7/2008 R2 are not impacted. This issue is not impacting Mac- or Linux-based hosts Channel file "C-00000291*.sys" with timestamp of 0527 UTC or later is the reverted (good) version. Channel file "C-00000291*.sys" with timestamp of 0409 UTC is the problematic version.
Crowdstrike is currently pushing out the fix, a manual fix incase the push is pending.
Reboot the host to give it an opportunity to download the reverted channel file. If the host crashes again, then: Boot Windows into Safe Mode or the Windows Recovery Environment Note: Putting the host on a wired network (as opposed to WiFi) and using Safe Mode with Networking can help remediation.   Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory Note: On WinRE/WinPE, navigate to the Windows\System32\drivers\CrowdStrike directory of the OS volume Locate the file matching “C-00000291*.sys”, and delete it. Boot the host normally.

连小本科生的Final Project, 都被要求在各个环境反复测试. 这种全球直接push update的项目, 没测过??? Solarwind security breach 还没几年呢. 现在这些IT management/security 的软件是大祸害. 如果每个公司的IT自己小范围测试后, 再push update, 就不会有这些问题了. 可惜现在的IT department 就是个customer service, 一切问题找vendor, 他们不用担责也不用管.

想要好的，得加钱。

重启一下也不可以？ 我昨夜在加班实在太累，很多窗口工作都没有完成也没有save，今天自动重启，可忴昨天弄了好几个小时的工作得重新做。

没蓝… 天选打工人…

微软说了，连续重启15次就可以解决问题

市场问责的力度：微软跌 小于1％, CrowdStrike 跌9％

ss4me 发表于 2024-07-19 11:50
微软说了，连续重启15次就可以解决问题

怎么个连续重启法？我应该已经重启超过十次了，不知道有没有15次

重启15次那个据说只适用于虚拟机。

回复 13楼 crystalhuang 的帖子
Customers can delete a specific file called “C00000291*.sys, which is seemingly tied to the bug, Microsoft said in a status update published Friday. But in some cases, people can’t even get to a spot where they can delete that file. In an update posted Friday morning, Microsoft told users that they should simply reboot Virtual Machines (VMs) experiencing a BSoD over and over again until they can fix the issue. This is perhaps one of the best “turn it off and turn it back on” suggestions ever. “We have received reports of successful recovery from some customers attempting multiple Virtual Machine restart operations on affected Virtual Machines,” Microsoft told users. “We have received feedback from customers that several reboots (as many as 15 have been reported) may be required, but overall feedback is that reboots are an effective troubleshooting step at this stage.” 

ss4me 发表于 2024-07-19 11:50
微软说了，连续重启15次就可以解决问题

不如吿诉我重启人生算了😐

今天还能修好吗。。。。。。。

me too。据说是前一天关机了的没事。前一天没关机或者进入sleep mode的，都蓝屏了。

rosiry11 发表于 2024-07-19 12:33
me too。据说是前一天关机了的没事。前一天没关机或者进入sleep mode的，都蓝屏了。

我没有关机，但是我断开了 VPN，今天没事情

Mylittlegirl 发表于 2024-07-19 10:18
你蓝了吗， 哈哈. 一早不能开机，然后看新闻全球大面积蓝屏。公司IT让我去公司他们可以fix

刚从公司回家路上……唉，折腾人啊

ss4me 发表于 2024-07-19 11:50
微软说了，连续重启15次就可以解决问题

不行，我在家重启无数次，放弃，还是去公司找IT了

rosiry11 发表于 2024-07-19 12:33
me too。据说是前一天关机了的没事。前一天没关机或者进入sleep mode的，都蓝屏了。

太难了，我们一般365天都不关机…

baidukaohe333 发表于 2024-07-19 10:24
Symptoms include hosts experiencing a bugcheck\blue screen error related to the Falcon Sensor. Windows hosts which have not been impacted do not require any action as the problematic channel file has been reverted. Windows hosts which are brought online after 0527 UTC will also not be impacted Hosts running Windows7/2008 R2 are not impacted. This issue is not impacting Mac- or Linux-based hosts Channel file "C-00000291*.sys" with timestamp of 0527 UTC or later is the reverted (good) version. Channel file "C-00000291*.sys" with timestamp of 0409 UTC is the problematic version.
Crowdstrike is currently pushing out the fix, a manual fix incase the push is pending.
Reboot the host to give it an opportunity to download the reverted channel file. If the host crashes again, then: Boot Windows into Safe Mode or the Windows Recovery Environment Note: Putting the host on a wired network (as opposed to WiFi) and using Safe Mode with Networking can help remediation.   Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory Note: On WinRE/WinPE, navigate to the Windows\System32\drivers\CrowdStrike directory of the OS volume Locate the file matching “C-00000291*.sys”, and delete it. Boot the host normally.

没用啊。reboot一上午了，还那个德行

yayapig 发表于 2024-07-19 10:55
连小本科生的Final Project, 都被要求在各个环境反复测试. 这种全球直接push update的项目, 没测过??? Solarwind security breach 还没几年呢. 现在这些IT management/security 的软件是大祸害. 如果每个公司的IT自己小范围测试后, 再push update, 就不会有这些问题了. 可惜现在的IT department 就是个customer service, 一切问题找vendor, 他们不用担责也不用管.

估计100%是印度测试，全球发行

两windows 11 笔记本，关机和没关机的都没事。 都不用Microsoft账号，用的都是本机local账号。

今天公司IT难得如此忙

公司通知了，受竞选影响，ai操控，非蓝即红

ss4me 发表于 2024-07-19 12:01
回复 13楼 crystalhuang 的帖子
Customers can delete a specific file called “C00000291*.sys, which is seemingly tied to the bug, Microsoft said in a status update published Friday. But in some cases, people can’t even get to a spot where they can delete that file. In an update posted Friday morning, Microsoft told users that they should simply reboot Virtual Machines (VMs) experiencing a BSoD over and over again until they can fix the issue. This is perhaps one of the best “turn it off and turn it back on” suggestions ever. “We have received reports of successful recovery from some customers attempting multiple Virtual Machine restart operations on affected Virtual Machines,” Microsoft told users. “We have received feedback from customers that several reboots (as many as 15 have been reported) may be required, but overall feedback is that reboots are an effective troubleshooting step at this stage.” 

麻烦哦😐

公司IT发instruction, 手动删掉CrowdStrike相关的一个程序。然后就正常log in 了。 我老板sleep mode,居然没蓝屏。

baidukaohe333 发表于 2024-07-19 11:56
市场问责的力度：微软跌 小于1％, CrowdStrike 跌9％

实际微软也有很大责任，vendor的update他们也应该测试的

都是那些 security software 惹的祸。 现在最讨厌 Windows 把越来越多的 bloatware 加塞进 Windows10/Windows11. 如果是装个干干净净的系统，像 Linux，不装任何 security software。自己平时上网时小心，不要轻易下载东西，根本不会出问题，也不会让机器变慢。

winniwang 发表于 2024-07-19 11:45
没蓝… 天选打工人…

+1

MacBook

ahaninil 发表于 2024-07-19 13:44
公司IT发instruction, 手动删掉CrowdStrike相关的一个程序。然后就正常log in 了。 我老板sleep mode,居然没蓝屏。

Instructions 能不能分享下啊？我们公司IT 今天很干脆地针对蓝屏问题设置了留言，也不知要等到何时才能等来他们的回复，我很抓狂，因为有很重要的工作急着要做啊 。。。

话说我觉得ups也中招了。我的包裹说是uncontrollable vent delay package delivery。

没用啊。reboot一上午了，还那个德行
小亥 发表于 2024-07-19 12:43

delete C-00000291*.sys in the Windows\System32\drivers\CrowdStrike directory of the OS volume
实测有效

winniwang 发表于 2024-07-19 11:45
没蓝… 天选打工人…

我们也没蓝 其他文件系统也好好的

rosiry11 发表于 2024-07-19 12:33
me too。据说是前一天关机了的没事。前一天没关机或者进入sleep mode的，都蓝屏了。

哇原来是这个… 我十一点半log off的

雷地豫 发表于 2024-07-19 13:12
两windows 11 笔记本，关机和没关机的都没事。 都不用Microsoft账号，用的都是本机local账号。

没有crowdstrike的也没事。

usayso 发表于 2024-07-19 13:27
公司通知了，受竞选影响，ai操控，非蓝即红

Haha this is a good one!

baidukaohe333 发表于 2024-07-19 14:52
delete C-00000291*.sys in the Windows\System32\drivers\CrowdStrike directory of the OS volume
实测有效

Windows\System32\drivers 里没看到　CrowdStrike directory 　这个目录呀。

baidukaohe333 发表于 2024-07-19 14:52
delete C-00000291*.sys in the Windows\System32\drivers\CrowdStrike directory of the OS volume
实测有效

这个directory 怎么进去？

Tina_tgif 发表于 2024-07-19 14:34
Instructions 能不能分享下啊？我们公司IT 今天很干脆地针对蓝屏问题设置了留言，也不知要等到何时才能等来他们的回复，我很抓狂，因为有很重要的工作急着要做啊 。。。

你不用着急。因为资本家比你更急啊！

baidukaohe333 发表于 2024-07-19 14:52
delete C-00000291*.sys in the Windows\System32\drivers\CrowdStrike directory of the OS volume
实测有效

靠。locked by bitlock encryption. 还是没用。你家的IT security不过关啊。我家的倒是过关了，毛用没有

Mylittlegirl 发表于 2024-07-19 10:18
你蓝了吗， 哈哈. 一早不能开机，然后看新闻全球大面积蓝屏。公司IT让我去公司他们可以fix

是啊，今天我老公本来在家，一早开会还夸娃儿懂得给他递水了。这消息一爆，好几个同事登陆有问题，赶忙着去公司了。

ss4me 发表于 2024-07-19 11:50
微软说了，连续重启15次就可以解决问题

我重启了20次+了吧 还是不行🤣

ahaninil 发表于 2024-07-19 13:44
公司IT发instruction, 手动删掉CrowdStrike相关的一个程序。然后就正常log in 了。 我老板sleep mode,居然没蓝屏。

不是 一log in 立刻就蓝屏了啊 哪有时间删程序啊？

windows自从win7达到顶峰后，一直在走下坡路。win10以后都是一坨，动不动就update，让人烦不胜烦。

201120152019 发表于 2024-07-19 18:19
不是 一log in 立刻就蓝屏了啊 哪有时间删程序啊？

蓝屏有个trouble shoot 选项。从这个选项进去后，我们是要先去公司系统找到自己的security key, 然后run and delete.

需要删掉那个291文件，但能进去先得需要bitlockwr key（找it要），在安全mode里去那个folder删掉那个文件，这里需要local admin cred（找it要），就行了。

发生了啥？我电脑没事儿。因为最近有个update没装吗？

我也是天选打工人，没有蓝屏。有也是挺糟心的，事儿没干完还得远程联系IT去修。

我没蓝，是不是就应该没问题了？

gvcc 发表于 2024-07-19 18:35
windows自从win7达到顶峰后，一直在走下坡路。win10以后都是一坨，动不动就update，让人烦不胜烦。

所以微软又叫蓝翔

wannaquit 发表于 2024-07-19 18:47
需要删掉那个291文件，但能进去先得需要bitlockwr key（找it要），在安全mode里去那个folder删掉那个文件，这里需要local admin cred（找it要），就行了。

爱替问我明天去公司吗?我回，可能

全公司瘫痪，那个忙的. 我sleep mode,也逃过一劫.

yayapig 发表于 2024-07-19 10:55
连小本科生的Final Project, 都被要求在各个环境反复测试. 这种全球直接push update的项目, 没测过??? Solarwind security breach 还没几年呢. 现在这些IT management/security 的软件是大祸害. 如果每个公司的IT自己小范围测试后, 再push update, 就不会有这些问题了. 可惜现在的IT department 就是个customer service, 一切问题找vendor, 他们不用担责也不用管.

问题是这种公司推出这些update的时候自己内部不先测试一下的吗？

shanggj 发表于 2024-07-19 17:42
Windows\System32\drivers 里没看到　CrowdStrike directory 　这个目录呀。

非admin