- My Forums
- Tiger Rant
- LSU Recruiting
- SEC Rant
- Saints Talk
- Pelicans Talk
- More Sports Board
- Fantasy Sports
- Golf Board
- Soccer Board
- O-T Lounge
- Tech Board
- Home/Garden Board
- Outdoor Board
- Health/Fitness Board
- Movie/TV Board
- Book Board
- Music Board
- Political Talk
- Money Talk
- Fark Board
- Gaming Board
- Travel Board
- Food/Drink Board
- Ticket Exchange
- TD Help Board
Customize My Forums- View All Forums
- Show Left Links
- Topic Sort Options
- Trending Topics
- Recent Topics
- Active Topics
Started By
Message
Crowdstrike
Posted on 7/19/24 at 4:53 pm
Posted on 7/19/24 at 4:53 pm
10
Posted on 7/19/24 at 5:24 pm to TAMU-93
Yes. Millions are having to deal with this since 12:30am this morning.
Posted on 7/19/24 at 5:44 pm to Roy Curado
Are you having to physically intervene at each affected system? How many systems did you get fixed today? Have you been working since 12:30am?
Posted on 7/19/24 at 5:44 pm to TAMU-93
I work in the IT dept for a Utility company, and we had over 600 computers affected by this. Been fixing machines all day.
Yes we had to touch every affected system. Some were fixed with a hard reboot, other we had to log in and remove a crowd strike file. Crowd strike sent up a patch this morning that saved a lot of work. Made it even more tedious to have to navigate Bitlocker while trying to get into the machines.
quote:
Are you having to physically intervene at each affected system? How many systems did you get fixed today?
Yes we had to touch every affected system. Some were fixed with a hard reboot, other we had to log in and remove a crowd strike file. Crowd strike sent up a patch this morning that saved a lot of work. Made it even more tedious to have to navigate Bitlocker while trying to get into the machines.
This post was edited on 7/19/24 at 6:03 pm
Posted on 7/19/24 at 6:26 pm to TAMU-93
quote:
Are you having to physically intervene at each affected system? How many systems did you get fixed today? Have you been working since 12:30am?
we had 800 servers affected and im only on a Cyber team, wtf is your question ? go to the OT if you want details of how local people are dealing with it, ffs
Posted on 7/19/24 at 6:37 pm to GrammarKnotsi
quote:
wtf is your question
Well you just quoted three of them. I'm trying to have a tech discussion on the tech board about a tech issue, ffs.
Posted on 7/19/24 at 7:03 pm to GrammarKnotsi
quote:
we had 800 servers affected and im only on a Cyber team, wtf is your question ? go to the OT if you want details of how local people are dealing with it, ffs
I think this dude has been working since 12:30 am
Mr. Grumpy pants.
Posted on 7/19/24 at 8:28 pm to TAMU-93
Our mgmt software was configured to remove the affected files immediately upon coming online and checking in. Which meant for some we just had to get end users to boot into safe mode with networking, wait a few seconds and have them reboot. Sometimes easier said than done. Some we had to manually go in and purge.
Posted on 7/19/24 at 8:38 pm to TAMU-93
Deltek was down for us until 5 pm.
Posted on 7/19/24 at 8:41 pm to Roy Curado
Yep, shitstorm since 0035 for us and ruined my buttoning-up mindset for friday...on call bridge before i could even pour a coffee
Posted on 7/19/24 at 9:24 pm to LSshoe
quote:
Our mgmt software was configured to remove the affected files immediately upon coming online and checking in. Which meant for some we just had to get end users to boot into safe mode with networking, wait a few seconds and have them reboot. Sometimes easier said than done. Some we had to manually go in and purge.
Well that's fortunate. Having to manually delete that .sys file from every PC would have been an absolute nightmare.
Posted on 7/19/24 at 10:33 pm to LSshoe
quote:
Our mgmt software was configured to remove the affected files immediately upon coming online and checking in.
What software is this?
Posted on 7/20/24 at 9:20 am to TAMU-93
Posted on 7/20/24 at 9:49 am to bluebarracuda
quote:Can't most RMM tools do this?quote:What software is this?
Our mgmt software was configured to remove the affected files immediately upon coming online and checking in.
Posted on 7/20/24 at 12:17 pm to Korkstand
quote:I'd think most would be disabled in Safe mode, no? Maybe using pxe boot would be an option?
Can't most RMM tools do this?
I wrote a script that uses wmi to remove the file and then reboot the host. But, we had to get them in Safe Mode with networking first for that to work.
Posted on 7/20/24 at 2:04 pm to hashtag
quote:
But, we had to get them in Safe Mode with networking first for that to work.
Yep, same here for our hosts and our script.
Posted on 7/20/24 at 4:49 pm to TAMU-93
I’ve been out of town and haven’t fired up home laptop or desktop, is bad code pulled? Will I be ok to start them up now?
Posted on 7/20/24 at 5:04 pm to finkle
Is your laptop or home desktop connected to a Falcon sensor?
Posted on 7/20/24 at 5:34 pm to Roy Curado
I don’t know? So I’d say not, just personal home computers. I’d not heard of “Falcon” sensors until this event.
Posted on 7/20/24 at 6:17 pm to finkle
You will almost certainly be fine. CrowdStrike is a paid tool, so if you didn’t pay for it, you don’t have it. The angst is among people with company issued assets that do pay and install it. Our intranet says to contact your local office, which is either in Ohio or New Jersey. So my work laptop is a brick.
Page 1 of 2
Popular
Back to top
Follow TigerDroppings for LSU Football News