Created
July 19, 2024 14:56
-
-
Save ran-dall/eb758c36b394040bce94d8b419b6c65b to your computer and use it in GitHub Desktop.
(Semi-)Automated CrowdStrike Driver Cleanup / Recovery
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Function to delete the specified file in Safe Mode | |
| function Delete-CrowdStrikeFile { | |
| $directoryPath = "C:\Windows\System32\drivers\CrowdStrike" | |
| $filePattern = "C-00000291*.sys" | |
| # Ensure the directory exists | |
| if (Test-Path -Path $directoryPath) { | |
| $files = Get-ChildItem -Path $directoryPath -Filter $filePattern | |
| if ($files) { | |
| foreach ($file in $files) { | |
| Remove-Item -Path $file.FullName -Force | |
| Write-Output "Deleted file: $($file.FullName)" | |
| } | |
| } else { | |
| Write-Output "No files matching the pattern '$filePattern' found in '$directoryPath'." | |
| } | |
| } else { | |
| Write-Output "Directory '$directoryPath' does not exist." | |
| } | |
| } | |
| # Function to reset the boot mode to normal | |
| function Reset-NormalBoot { | |
| bcdedit /deletevalue {current} safeboot | |
| Write-Output "System configured to boot into Normal Mode on next restart." | |
| } | |
| # Delete the specified file | |
| Delete-CrowdStrikeFile | |
| # Reset boot to Normal Mode | |
| Reset-NormalBoot | |
| # Inform the user to restart the computer | |
| Write-Output "Please restart your computer to boot into Normal Mode." |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment