This topic provides a temporary solution to the Windows blue screen issue that occurred on July 19, 2024.
Problem description
Starting at 12:30 on July 19, 2024 (UTC+8), Alibaba Cloud detected unexpected restarts of specific Elastic Compute Service (ECS) instances that run Windows operating systems. The issue was caused by an automatic update of Falcon Sensor, which is a piece of software owned by a third-party security company named CrowdStrike. Before the company releases an official solution, you can rename the directory in which the software is located to temporarily alleviate the system anomaly.
Temporary solution
The temporary solution may render the CrowdStrike security software ineffective, which affects instance security and other ancillary features. We recommend that you perform a risk assessment before using the temporary solution.
Connect to a Windows ECS instance by using Virtual Network Computing (VNC) from an on-premises computer that runs a Windows operating system. In the screen shown in the following figure, press the F8 key to go to the Startup Settings page.
Select 4) Enable Safe Mode.
Log on to the ECS instance as the administrator.
Note: If you are automatically logged on to the system as a non-administrator user, log out of the system. On the logon page, use Administrator as the username and enter the corresponding password to log on to the system.
Find the drive letter of the system disk and rename the Windows\system32\drivers\CrowdStrike directory on the system disk to CrowdStrike.bak.
Restart the Windows ECS instance to enter normal mode.
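The directory rename described above can also be done from PowerShell in Safe Mode. The following is an added example, not a script from Alibaba Cloud or CrowdStrike. It assumes that Windows booted from the affected system disk (so `$env:SystemDrive` is its drive letter), and it refuses to run if the session is not elevated, if the directory is missing, or if CrowdStrike.bak already exists.

```powershell
# Added example: run from a PowerShell prompt in Safe Mode.
# Assumption: Windows booted from the affected system disk, so
# $env:SystemDrive is the drive letter of that disk.
$ErrorActionPreference = 'Stop'

# The rename needs administrator rights on the drivers directory.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Log on as Administrator before renaming the driver directory.'
}

$driversDir = Join-Path $env:SystemDrive 'Windows\system32\drivers'
$source     = Join-Path $driversDir 'CrowdStrike'
$backup     = Join-Path $driversDir 'CrowdStrike.bak'

# Do not overwrite an earlier backup or act on the wrong disk.
if (Test-Path -LiteralPath $backup) {
    throw "$backup already exists; the rename may have been done already."
}
if (-not (Test-Path -LiteralPath $source -PathType Container)) {
    throw "$source not found; check the system disk drive letter."
}

Rename-Item -LiteralPath $source -NewName 'CrowdStrike.bak'

# Confirm the result before restarting the instance.
if ((Test-Path -LiteralPath $backup) -and -not (Test-Path -LiteralPath $source)) {
    Write-Output "Renamed $source to $backup. Restart the instance to enter normal mode."
} else {
    throw 'Rename did not complete; check the directory manually.'
}
```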
Important: Alibaba Cloud continuously monitors the progress of the incident. You can also obtain the latest updates from the CrowdStrike official website. If you encounter issues in the process or require further assistance, contact Alibaba Cloud at any time by submitting a ticket or calling the service hotline.