Not sure who needs this resource, but Microsoft updated its Recovery Tool for the CrowdStrike issue on Windows endpoints:
Here is the link to the Microsoft Tech Community Support Site:
As a former cybersecurity Incident Commander for Intel, here are my additional recommendations:
· Verify the source of every tool or procedure you plan on using!
· For a large organization, have a single accountable, tech-savvy group create the recovery process, and don't allow other groups to home-brew their own fixes
· Test the fix out on your different builds
· Formalize the step-by-step process for your environment — break down instructions to keep each step simple
· Make sure you have accounted for hard drive encryption hurdles (e.g. BitLocker or other 3rd-party vendors), if applicable
· Roll out the recovery in phases, starting with non-critical systems, in case there are unforeseen issues or system data loss
· Have a process to record and report which systems have successfully been restored
· If things go sideways, STOP and seek more advanced assistance
Happy hunting!