URGENT: CrowdStrike recovery guide for affected Windows users

KAUST Colleagues, as many of you are aware from the recent email announcement and the post on TheLENS, our endpoint protection/antivirus, CrowdStrike, had an issue that caused Windows computers to stop loading and display an error screen, commonly known as the ‘blue screen’. CrowdStrike confirmed that this is not a security incident or a cyber-attack and that it affects only Windows computers.

Mac and Linux remain unaffected.

Below are steps for you to take depending on the situation, type of device, and comfort in running advanced recovery techniques:

My Windows machine is still working:

If your Windows machine is still working, it means your device has not been affected. It is recommended to connect your device to the wired network if possible. CrowdStrike will pick up the updated file automatically, and you do not need to take any further action.

My Windows machine is not working, or I am running Windows on Mac hardware:

If your Windows machine is not working, or you are running Windows on Mac hardware, and you have a local administrator account, please follow the steps below. Otherwise, please do not attempt to resolve this on your own; open a ticket with IT.

  1. From the Windows Recovery Screen:
  2. Click Advanced Recovery Options
  3. Click Troubleshoot
  4. Click Advanced Options
  5. Click Command Prompt
    1. If you are told no local administrator account exists, stop and raise an IT ticket.
    2. If you are asked to provide a local administrator password for ‘hadmin’, stop and raise an IT ticket.
    3. If another local administrator account exists and you know the password, try it to proceed; if you do not know the password, raise an IT ticket.
    4. If no prompt for a local administrator account occurs, the Command Prompt opens.
  6. Enter: del C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys
  7. Enter exit and press return or close the DOS prompt
  8. Click Continue to reboot
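
The check around step 6, written as a batch file: it lists the matching files, deletes them, and confirms none remain. This is an added example, not part of the original IT guidance; it assumes the Windows volume may be mounted under a letter other than C: in the recovery environment, so it checks C: through H:, and the label name `clean` is illustrative.

```bat
@echo off
rem Added example, not from the original guide.
rem Locates, deletes and verifies the files named in step 6.
rem Assumption: in recovery the Windows volume may not be C:,
rem so drive letters C through H are checked.
setlocal
set "PATTERN=Windows\System32\drivers\CrowdStrike\C-00000291*.sys"
set "HIT="

for %%D in (C D E F G H) do (
    if exist "%%D:\%PATTERN%" call :clean %%D
)

if not defined HIT (
    echo No files matching C-00000291*.sys were found on C: through H:.
    echo If the machine still fails to start, raise an IT ticket.
)
endlocal
exit /b 0

:clean
rem %1 is the drive letter on which matching files were found.
set "HIT=1"
echo Found on drive %1:
dir /b "%1:\%PATTERN%"
del "%1:\%PATTERN%"
if exist "%1:\%PATTERN%" (
    echo Delete FAILED on %1: - stop and raise an IT ticket.
) else (
    echo Deleted. No matching files remain on %1:.
)
exit /b 0
```

When typing the individual commands at the prompt instead of running a file, a plain `dir` of the same path before and after the `del` in step 6 gives the same confirmation.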

If you still need help:

If your system does not recover on its own, please call the IT Service Desk at 012-8080910 or chat with the IT Chatbot VITA. Please note that many services, including the IT website, have been impacted by this, and we are working to restore all services.

KAUST Information Technology Department
Open a ticket via the chatbot: vita.kaust.edu.sa
Open a ticket via phone: 012-808-0910
