Employee Scott Kelley Posted July 19 (edited)

For those using Workspace ONE DEX, you can determine if you were impacted by the Crowdstrike update and your devices are having OS crashes/blue screens of death in a couple of ways.

1. You would have received an email alerting you of a new Workspace ONE Insight that shows an abnormal increase of OS Crashes that would look like this.

   If you received this alert, then you have the ability to "Create Investigation" from this alert/insight and run the guided root cause analysis engine by selecting the time frame of when the issue occurred and letting the system determine that the root cause was due to the Crowdstrike application update by viewing the results. It will look like this below.

   NOTE: This is just an example of the RCA results of a previous issue, not the results of this actual issue. We will post example RCA results of the actual Crowdstrike issue when we get an example from a customer.

2. You can import the attached dashboard template (JSON file) into your Workspace ONE Intelligence console that shows if you have an increase of OS crashes, who has Crowdstrike installed, who has Crowdstrike running and what versions of Crowdstrike were released/installed recently. Optionally, it shows if the Crowdstrike spike also caused an increase in boot degradation events, which is another indicator that the device had the issue. The time range is "last 48 hours" but you can change the global filter to whatever time range you want.
   Crowdstrike Falcon Update and BSOD Investigation.json

   Note: This will be on the Workspace ONE Marketplace on Monday, July 22nd around 3:00 PM EST.

You can now drill into each widget and see the list of devices affected and then navigate to the per device timeline for that device to see:

- when the OS Crash happened
- if that device also experienced multiple boot degradation events due to Crowdstrike Falcon Sensor
- a single Boot Event that included Crowdstrike Falcon Sensor as a reason for long boot and boot degradation
- then finally the UEM device profile that shows what version of Crowdstrike Falcon Sensor is installed.

Here are two remediation information links:

https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts/
https://kb.omnissa.com/s/article/6000067

Edited August 7 by Scott Kelley