Workaround script to rename offending C-00000291*.sys files of Crowdstrike Falcon causing BSOD
@echo off
setlocal enabledelayedexpansion
:: Script to unfuck BSOD loop on Windows stations affected by Crowdstrike Falcon sensor screwed up update on 2024-07-19
:: by renaming C-00000291*.sys files in C:\Windows\System32\drivers\CrowdStrike
:: Reddit megathread: https://www.reddit.com/r/crowdstrike/comments/1e6vmkf/bsod_error_in_latest_crowdstrike_update/
:: Quick and dirty solution by Martin Brozkeff Malec (brozkeff.net) with the help of ChatGPT
:: Blog article:
:: https://www.brozkeff.net/2024/07/19/black-friday-2024-07-19-crowdstrike-falcon-edr-bsod-fuckup-workaround-batch-script-in-windows-safe-mode/
:: Get current date and time for the log file name
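:: Use our own variable names so the built-in dynamic %DATE% and %TIME% are not overwritten
for /f "tokens=1-4 delims=/ " %%i in ('date /t') do set logdate=%%i-%%j-%%k
for /f "tokens=1-4 delims=: " %%i in ('time /t') do set logtime=%%i-%%j
set datetime=%logdate%_%logtime%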
:: Get hostname
set hostname=%COMPUTERNAME%
:: Define the log file name
set logfilename=%~dp0log_%datetime%_%hostname%.txt
:: Get OS version
for /f "tokens=4-5 delims=[]. " %%i in ('ver') do set osversion=%%i %%j
:: Navigate to the CrowdStrike directory
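:: Stop if the directory is missing, otherwise the rename loop would run in whatever directory we are in
cd /d C:\Windows\System32\drivers\CrowdStrike || (
    echo CrowdStrike driver directory not found, nothing to rename.
    pause
    exit /b 1
)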
:: Write debug info to log file
echo Hostname: %hostname% > "%logfilename%"
echo OS Version: %osversion% >> "%logfilename%"
:: "echo." writes an empty line; a bare "echo" would write "ECHO is off." into the log
echo. >> "%logfilename%"
:: Rename the files and log the actions
echo Renaming files: >> "%logfilename%"
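for %%f in (C-00000291*.sys) do (
    ren "%%f" "%%f.bad"
    rem The rename succeeded only if the original name is gone; checking for the
    rem .bad file alone would report success when a stale .bad file already exists
    if exist "%%f" (
        echo Failed to rename %%f >> "%logfilename%"
    ) else (
        echo Renamed %%f to %%f.bad >> "%logfilename%"
    )
)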
:: Completion message
echo Operation completed. Log file created at: %logfilename%
endlocal
pause

csuka commented Jul 19, 2024

Couldn't this all be simply done with a one-liner?

@brozkeff
Author

@csuka of course it could be done with a single command, this is the verbose way how AI does things ;) just do it any way you like and suggest a better solution, there are already better scripts out there that could be deployed in AD-managed systems via GPO etc.
