www.crowdstrike.com
2606:4700::6810:b576
Public Scan
Submitted URL: http://crowdstroke.io/
Effective URL: https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
Submission Tags: falconsandbox
Submission: On July 22 via api from US — Scanned from NL
Form analysis
0 forms found in the DOM
Text Content
REMEDIATION AND GUIDANCE HUB: FALCON CONTENT UPDATE FOR WINDOWS HOSTS

Page last updated 2024-07-22 1528 UTC

Updated 2024-07-22 1528 UTC

As stated in our social media post at 2024-07-21 2106 UTC, together with customers, CrowdStrike tested a new technique to accelerate impacted system remediation. We’re in the process of operationalizing an opt-in to this technique. Customers are encouraged to follow the Tech Alerts for latest updates as they happen and they will be notified when action is needed.

We have published a video outlining the steps required to self-remediate impacted remote Windows laptops. We will continue to provide updates here as information becomes available and new fixes are deployed.

CrowdStrike is actively assisting customers affected by a defect in a recent content update for Windows hosts. Mac and Linux hosts were not impacted. The issue has been identified and isolated, and a fix has been deployed. This was not a cyberattack.

Customers are advised to check the support portal for updates. We will also continue to provide the latest information here and on our blog as it’s available. We recommend organizations verify they are communicating with CrowdStrike representatives through official channels.

We assure our customers that CrowdStrike is operating normally and this issue does not affect our Falcon platform systems. If your systems are operating normally, there is no impact to their protection if the Falcon sensor is installed.

We understand the gravity of this situation and are deeply sorry for the inconvenience and disruption. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers.

OVERVIEW

STATEMENT FROM OUR CEO

Sent 2024-07-19 1930 UTC

Valued Customers and Partners,

I want to sincerely apologize directly to all of you for the outage. All of CrowdStrike understands the gravity and impact of the situation. We quickly identified the issue and deployed a fix, allowing us to focus diligently on restoring customer systems as our highest priority.

The outage was caused by a defect found in a Falcon content update for Windows hosts. Mac and Linux hosts are not impacted. This was not a cyberattack.

We are working closely with impacted customers and partners to ensure that all systems are restored, so you can deliver the services your customers rely on.

CrowdStrike is operating normally, and this issue does not affect our Falcon platform systems. There is no impact to any protection if the Falcon sensor is installed. Falcon Complete and Falcon OverWatch services are not disrupted.

We will provide continuous updates through our Support Portal at https://supportportal.crowdstrike.com/s/login/.

We have mobilized all of CrowdStrike to help you and your teams. If you have questions or need additional support, please reach out to your CrowdStrike representative or Technical Support.

We know that adversaries and bad actors will try to exploit events like this. I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike representatives. Our blog and technical support will continue to be the official channels for the latest updates.

Nothing is more important to me than the trust and confidence that our customers and partners have put into CrowdStrike. As we resolve this incident, you have my commitment to provide full transparency on how this occurred and steps we’re taking to prevent anything like this from happening again.

George Kurtz
CrowdStrike Founder and CEO

TECHNICAL DETAILS

* Technical Details on the outage can be found here: Read the blog (Published 2024-07-19 0100 UTC)
* We assure our customers that CrowdStrike is operating normally and this issue does not affect our Falcon platform systems. If your systems are operating normally, there is no impact to their protection if the Falcon Sensor is installed. Falcon Complete and OverWatch services are not disrupted by this incident.
* CrowdStrike has identified the trigger for this issue as a Windows sensor related content deployment and we have reverted those changes. The content is a channel file located in the %WINDIR%\System32\drivers\CrowdStrike directory.
  * Channel file “C-00000291*.sys” with timestamp of 2024-07-19 0527 UTC or later is the reverted (good) version.
  * Channel file “C-00000291*.sys” with timestamp of 2024-07-19 0409 UTC is the problematic version.
  * Note: It is normal for multiple “C-00000291*.sys” files to be present in the CrowdStrike directory – as long as one of the files in the folder has a timestamp of 05:27 UTC or later, that will be the active content.
* Symptoms include hosts experiencing a bugcheck\blue screen error related to the Falcon Sensor.
* Windows hosts which have not been impacted do not require any action as the problematic channel file has been reverted.

NON-IMPACTED HOSTS

* Windows hosts which are brought online after 2024-07-19 0527 UTC will not be impacted
* Windows hosts installed and provisioned after 2024-07-19 0527 UTC are not impacted

Updated 2024-07-21 1435 UTC

* This issue is not impacting Mac- or Linux-based hosts

HOW DO I IDENTIFY IMPACTED HOSTS?

HOW DO I IDENTIFY IMPACTED HOSTS VIA ADVANCED EVENT SEARCH QUERY?

UPDATED 2024-07-22 0139 UTC

The queries utilized by the dashboards are listed at the bottom of the appropriate dashboard KB articles.

HOW DO I IDENTIFY IMPACTED HOSTS VIA DASHBOARD?

UPDATED 2024-07-22 0139 UTC

An updated granular dashboard is available that displays the Windows hosts impacted by the content update defect described in this Tech Alert. See Granular status dashboards to identify Windows hosts impacted by content issue (v8.6) (pdf) or log in to view in the support portal. Note that the queries utilized by the dashboards are listed at the bottom of the appropriate dashboard KB articles.

HOW DO I REMEDIATE IMPACTED HOSTS?

If hosts are still crashing and unable to stay online to receive the Channel File update, the remediation steps below can be used.

HOW DO I REMEDIATE INDIVIDUAL HOSTS?

UPDATED 2024-07-21 0932 UTC

* Reboot the host to give it an opportunity to download the reverted channel file. We strongly recommend putting the host on a wired network (as opposed to WiFi) prior to rebooting as the host will acquire internet connectivity considerably faster via ethernet.
* If the host crashes again on reboot:
  * Option 1 – Manual
    * Please see this Microsoft article for detailed steps.
    * Note: Bitlocker-encrypted hosts may require a recovery key.
    * Review the following video on CrowdStrike Host Self-Remediation for Remote Users. Follow the instructions contained within the video if directed to do so by your organization’s IT department. Updated 2024-07-22 1510 UTC
  * Option 2 – Automated via bootable USB key
    * Follow the instructions in this KB article (pdf) or log in to view in the support portal.
    * Note: Bitlocker-encrypted hosts may require a recovery key.

HOW DO I RECOVER BITLOCKER KEYS?

UPDATED 2024-07-21 1810 UTC

Bitlocker Recovery Guidance for Knowledge Base (KB) Articles Resources

* UPDATED 2024-07-21 1810 UTC MICROSOFT AZURE (PDF) or log in to view in the support portal.
* UPDATED 2024-07-21 1810 UTC SCCM (PDF) or log in to view in the support portal.
* UPDATED 2024-07-21 1810 UTC ACTIVE DIRECTORY AND GPOS (PDF) or log in to view in the support portal.
* UPDATED 2024-07-21 1810 UTC IVANTI ENDPOINT MANAGER (PDF) or log in to view in the support portal.
* UPDATED 2024-07-21 1810 UTC MANAGEENGINE DESKTOP CENTRAL (PDF) or log in to view in the support portal.
* UPDATED 2024-07-21 1810 UTC BIGFIX (PDF) or log in to view in the support portal.
* UPDATED 2024-07-21 0023 UTC BITLOCKER RECOVERY WITHOUT RECOVERY KEYS (PDF) or log in to view in the support portal.
* WORKSPACE ONE PORTAL: Omnissa article
* TANIUM: Tanium article
* CITRIX: Citrix article

HOW TO RECOVER CLOUD-BASED ENVIRONMENT RESOURCES

Cloud Environment Guidance

* AWS: AWS article
* AZURE: Microsoft article
* GCP: (PDF) or log in to view in the support portal

PUBLIC CLOUD/VIRTUAL ENVIRONMENTS

Option 1:

* Detach the operating system disk volume from the impacted virtual server
* Create a snapshot or backup of the disk volume before proceeding further as a precaution against unintended changes
* Attach/mount the volume to a new virtual server
* Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory
* Locate the files matching “C-00000291*.sys”, and delete them
* Detach the volume from the new virtual server
* Reattach the fixed volume to the impacted virtual server

Option 2:

* Roll back to a snapshot before 2024-07-19 0409 UTC

THIRD PARTY VENDOR INFORMATION

UPDATED 2024-07-20 2259 UTC

Third Party Vendor Guidance

* INTEL VPRO TECHNOLOGY REMEDIATION GUIDE: Remediate CrowdStrike Falcon® update issue on Windows systems with Intel vPro® technology
* RECOVERY FOR RUBRIK CUSTOMERS: CrowdStrike & Rubrik Customer Content Update Recovery For Windows Hosts
* COHESITY SUPPORT: Cohesity’s support for CrowdStrike’s Falcon Sensor updates

ADDITIONAL RESOURCES

* Statement from our CEO (Published 2024-07-19 1915 UTC)
* Falcon Sensor Content issue Likely Used to Target CrowdStrike Customers (Published 2024-07-19 2030 UTC)
* Technical Details: Falcon Content Update for Windows Hosts (Published 2024-07-19 0100 UTC)
* Likely eCrime Actor Uses Filenames Capitalizing on Falcon Sensor Content Issues in Operation Targeting LATAM-based CrowdStrike Customers (Published 2024-07-20 0145 UTC)