Skip to main content
Free Trial Buy Now

Navigating the CrowdStrike Windows Event: How ConnectWise ScreenConnect and ConnectWise View Can Help

Posted:
07/19/2024

A significant global outage has been reported due to a faulty update from CrowdStrike. This issue has caused computers running Windows to crash, displaying the dreaded blue screen of death (BSOD). This is not a security breach or cyberattack, but a technical glitch. 

Some are calling this “the largest IT outage in history” impacting industries and companies worldwide from airlines and hospitals to banks, major broadcasters like Sky News and 911 services. ConnectWise Expert Services have also been impacted.

If you're experiencing this issue, here's what happened and how ConnectWise ScreenConnect and ConnectWise View can assist you in navigating this crisis.  

Understanding the Event

On July 19, 2024, an update to CrowdStrike's Falcon Sensor software triggered widespread problems. This update contained a faulty driver, causing Windows systems to crash and display the BSOD. The impact has been significant, with reports of grounded planes in the US, disrupted train services in the UK, and halted operations at airports at various airports. 

CrowdStrike engineers have determined that the issue arose from a defective content update, not a security incident. Despite efforts to roll back the update, many systems remain in reboot loops, requiring manual fixes. CrowdStrike’s CEO George Kurtz confirmed that the problem is not a security breach and that a resolution has been deployed. 

Recommended Actions from CrowdStrike 

CrowdStrike has provided detailed instructions for addressing this issue, including both individual host fixes and steps for public cloud environments. For the latest updates and detailed workaround steps, please refer to the official CrowdStrike Tech Alert. 

ScreenConnect Solutions for Mitigating the Impact 

At ConnectWise, we understand the urgency and scale of this problem. ScreenConnect, accessible via ConnectWise Automate, RMM, or directly, is here to help you tackle this critical problem effectively. Here’s how we can assist: 

Please note that once a machine encounters the BSOD, ScreenConnect cannot operate remotely until the impacted machine is manually started in safe mode. 

1. Remote assistance using ScreenConnect capabilities

One-Click Boot into Safe Mode  

MSPs will need to guide their end users through rebooting into safe mode with networking. This step is essential for establishing a remote connection once the machine reboots and implementing the CrowdStrike fix. Here’s how you can reboot into safe mode with networking: 

  1. Restart your computer. 
  2. On the lock or sign-in screen, keep the Shift key pressed, click on the Power button, and then press Restart. 
  3. After a short while, you should see a blue screen with three options. Click or tap on the second one: Troubleshoot. 
  4. On the Troubleshoot screen, choose “Advanced options.” 
  5. Select Startup Settings. 
  6. Select Restart. 
  7. The computer restarts and enters the Startup Settings menu. Select 5 or F5 to start the computer in safe mode with networking. 

For more detailed instructions, you can refer to the Microsoft Support page: Start your PC in safe mode in Windows. 

2. Using ScreenConnect Remote Support features

ScreenConnect  

Once in safe mode with networking, ScreenConnect allows you to take control of your machine remotely. This enables you to perform the necessary fixes without needing an on-site visit. You can also create a script and upload it to the ScreenConnect toolbox to automate this process. 

File Deletion  

Following CrowdStrike’s recommended workaround, we will help you navigate to ‘C:\Windows\System32\drivers\CrowdStrike’ and delete the faulty driver file matching ‘C-00000291*.sys’. 

3. Leveraging ConnectWise View for real-time guidance

If a partner cannot get an endpoint into safe mode with networking using ScreenConnect for any reason, they can use ConnectWise View and their clients' mobile camera devices to see what their clients are looking at and talk them through the process manually. ConnectWise View allows technicians to visually guide users through troubleshooting steps via live streaming from their mobile devices. 

To support you during this critical period, we have automatically enabled View for all paid partners for the next 7 days. This powerful tool is available to assist you in managing this crisis effectively. 

Learn more about ConnectWise View™ here or find more detailed information on the ConnectWise University page. 

Special access and support initiatives 

To support affected organizations during this critical period, we are enabling special access to our premium features for all ScreenConnect paid partners, including View and remote diagnostics toolkit feature. 

  • Start a free trial: If you are not a ScreenConnect partner, you can access all features for 14 days by starting a ScreenConnect trial. This will provide you with full access to our premium tools, including View and the Remote Diagnostics toolkit. 
  • Enhanced access for current ScreenConnect customers: All ScreenConnect paid partners, regardless of their package, will have View enabled for seven days to help manage this crisis. View is typically part of the Premium package, but we are temporarily extending this feature to all our partners. 

Conclusion 

This unexpected outage has created significant challenges across various sectors. At ConnectWise ScreenConnect, our priority is to provide the support and tools necessary to mitigate these issues effectively and with minimal disruption. Stay tuned to our updates for the latest information and further assistance. 

For any immediate help, please reach out to our support team through our official channels. We are here to ensure your systems are up and running as quickly as possible.