Workaround for fixing #CrowdStrike update issues – Manual and Intune

Please use at your own risk.
Manual process:
Requires Admin rights:
Boot Windows into Safe Mode or the Windows Recovery Environment
Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
Locate the file matching “C-00000291*.sys”, and delete it.
Boot the host normally.

Solution using Intune:

  • Copy the PowerShell script below and save it as a .PS1 file.
  • Log in to Microsoft Endpoint Manager admin center.
  • Navigate to Devices > Scripts > Add.
  • Choose Windows 10 and later as the platform.
  • Upload the PowerShell script created above.
  • Configure any additional settings as required, such as run time, user or system context, etc.
  • Assign the script to the appropriate device groups.
  • Review and create the script deployment.
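# PowerShell script to delete the specific CrowdStrike driver file and reboot

# Intune runs scripts in a 32-bit PowerShell host unless configured otherwise.
# There, System32 is redirected to SysWOW64, so go through the Sysnative alias.
$sysDir = "System32"
if (-not [Environment]::Is64BitProcess -and [Environment]::Is64BitOperatingSystem) {
    $sysDir = "Sysnative"
}

# Path to the CrowdStrike drivers directory
$dirPath = "C:\Windows\$sysDir\drivers\CrowdStrike"

# Pattern to match the file
$filePattern = "C-00000291*.sys"

# Get every file that matches the pattern (there may be more than one)
$files = @(Get-ChildItem -Path $dirPath -Filter $filePattern -File -ErrorAction SilentlyContinue)

# Delete each match and record whether anything was actually removed
$deleted = $false
foreach ($file in $files) {
    try {
        Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
        Write-Host "File $($file.FullName) deleted successfully."
        $deleted = $true
    } catch {
        Write-Host "Failed to delete $($file.FullName): $_"
    }
}

if ($files.Count -eq 0) {
    Write-Host "No matching file found."
}

# Reboot the device only if a file was removed
if ($deleted) {
    Restart-Computer -Force
}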
