Yesterday’s IT outages, caused by a regular update to an application designed to protect computers from security threats, affected millions worldwide.
The outage, caused by CrowdStrike’s Falcon Sensor on Windows hosts, is well documented in the CrowdStrike Statement of Fact (and their associated blogs) where remediation steps are enumerated. This outage did not impact Druva services and our support team has been working with customers to help them access their end-user data (through a web portal) and to help them restore end-user systems and virtual machines when required. Dru Assist, our AI agent available within the Druva web console, has been busy helping customers restore data.
At the heart of the outage was a single bad file applied during a routine update, which caused laptops and servers running the Windows OS to crash with a blue screen of death (BSOD). The BSOD was seen everywhere from corporate lobbies to airport check-in terminals.
How can Druva help you?
Use Dru Assist — our AI agent to help you find these links in a flash. Or if you know exactly what you want, keep reading.
Immediate access to end-user data online
Suppose individuals can’t restart laptops/endpoints protected by Druva. In that case, they can access their data via the Druva online portal using another available system (provided their IT has enabled this feature). Any Druva cloud administrator can enable this option by selecting “allow restore from web browser” at the per-profile level.
Endpoint restore
If IT or the individual can’t apply the recommended fix to an endpoint, then customers can remediate in two possible ways:
Defensible deletion — Druva’s defensible deletion folder allows files to be removed from the primary system and backup. If the offending folder “system32/crowdstrike” was included in the backup path, then this file could be removed from both the primary and backup system.
Restore from a recovery point (multiple options):
Mass deployment and replacement of devices — If you want someone to wipe their machine or start a fresh install, there are multiple options to restore systems at scale.
Share device data — If a team is dependent on a user’s local data, this option makes that user’s data available to other teams if the user can’t boot their machine. Users must first access this data via the User Web Console.
Download the data — Allow your users to download their data to another machine to get work done. This can be done by administrators or users themselves.
Data Center and Cloud Virtual Machine restore
For Virtual Machines running Windows Client and Windows Server, running the "CrowdStrike Falcon agent" can encounter a bug check BSOD.
Handy links for recovery options include:
Recover server-based VMs — VMware, Hyper-V, AHV — our product can help to fully recover VMs to any of the available recovery points.
Sandbox recovery — For VMware workloads, Druva offers a sandbox recovery option that allows you to recover into a sandbox before the boot sequence and programmatically remove a file.
Disaster Recovery-as-a-Service for VMware — Use this feature to fail over a VM into an AWS EC2 instance and get your system running in under 1 hour.
Recover Amazon EC2 VMs — You can quickly restore an AMI or an EBS.
Recover Microsoft Azure VMs — Restore an Azure VM with no egress charges.
Physical file server restore — Install the OS and restore the data via Druva.
API-based actions — Druva actionable API offers a programmatic way to integrate recovery operations into your existing toolset.
Contact Druva Support by phone or email. We stand by ready to help you.