Summary 

Microsoft has identified an issue impacting Windows endpoints that are running the CrowdStrike Falcon agent. These endpoints might encounter error messages 0x50 or 0x7E on a blue screen and experience a continual restarting state.

We have received reports of successful recovery from some customers attempting multiple restart operations on affected Windows endpoints.

We are working with CrowdStrike to provide the most up-to-date information available on this issue. Please check back for updates on this ongoing issue.  

Resolution

To resolve this issue, follow these instructions for your version of Windows.

Windows 11

  1. Hold the power button for 10 seconds to turn off your device and then press the power button again to turn on your device.

  2. On the Windows sign-in screen, press and hold the Shift key while you select Power > Restart.

  3. After your device restarts to the Choose an option screen, select Troubleshoot.

    Choose an option

  4. On the Troubleshoot screen, select Advanced options > Startup SettingsEnable safe mode.

    Troubleshoot

  5. Restart your device.

    Note You may be asked to enter your BitLocker recovery key. When the device restarts, continue pressing F4 and then it will log you in to safe mode. Please note, for some devices, you need to press F11 to log in through safe mode.

  6. Once in safe mode, right-click Start, click Run, type cmd in the Open box, and then click OK.

  7. If your system drive is different than C:\, type C: and then press Enter. This will switch you to the C:\ drive.

  8. Type the following command and then press Enter:

    CD C:\Windows\System32\drivers\CrowdStrike

    Note In this example, C is your system drive. This will change to the CrowdStrike directory.

  9. Once in the CrowdStrike directory, locate the file matching “C-00000291*.sys”. To do this, type the following command and then press Enter:

    dir C-00000291*.sys

  10. Permanently delete the file(s) found. To do this, type the following command and then press Enter.

    del C-00000291*.sys

  11. Manually search for any files that match “C-00000291*.sys” and delete them.

  12. Restart your device

Windows 10

  1. Hold the power button for 10 seconds to turn off your device and then press the power button again to turn on your device.

  2. On the Windows sign-in screen, press and hold the Shift key while you select Power  > Restart.

  3. After your device restarts to the Choose an option screen, select Troubleshoot.

    Choose an option

  4. On the Troubleshoot screen, select Advanced options > Startup SettingsEnable safe mode.

    Troubleshoot

  5. Restart your device.

    Note You may be asked to enter your BitLocker recovery key.

  6. When the device restarts, continue pressing F4 and then it will log you in to safe mode.

  7. Once in safe mode, right-click Start, click Run, type cmd in the Open box, and then click OK.

  8. If your system drive is different than C:\, type C: and then press Enter. This will switch you to the C:\ drive.

  9. Type in the following command and then press Enter:

    CD C:\Windows\System32\drivers\CrowdStrike

    Note In this example C is your system drive. This will change to the CrowdStrike directory.

  10. Once in the CrowdStrike directory, locate the file matching “C-00000291*.sys”. To do this, type the following command and then press Enter:

    dir C-00000291*.sys

  11. Permanently delete the file(s) found. To do this, type the following command and then press Enter.

    del C-00000291*.sys

  12. Manually search for any files that match “C-00000291*.sys” and delete them.

  13. Restart your device.

References

Start your PC in safe mode in Windows

CrowdStrike issue impacting Windows endpoints causing an 0x50 or 0x7E error message on a blue screen