Channel File 291 Incident: Root Cause Analysis is Available

On July 19, 2024, as part of regular operations, CrowdStrike released a content configuration update (via channel files) for the Windows sensor that resulted in a widespread outage.

We apologize unreservedly.

View the Channel File 291 Incident Executive Summary

We acknowledge the incredible round-the-clock efforts of our customers and partners who, working alongside our teams, mobilized immediately to restore systems and bring many back online within hours. As of July 29, 2024, at 8:00 p.m. EDT, ~99% of Windows sensors were online, compared to before the content update. We typically see a variance of ~1% week-over-week in sensor connections. To any customers still affected, please know we will not rest until all systems are restored.

Today, we published our Root Cause Analysis (RCA) of the Channel File 291 incident, as well as an executive summary of the RCA, which can be found here. The report includes our findings, mitigations, technical details and root cause analysis of the incident.

Download the Channel File 291 Incident Root Cause Analysis

The RCA details the lessons learned from this significant incident — lessons we’re using to better serve our customers. While the Channel File 291 scenario is now incapable of recurring, it informs the process improvements and mitigation steps we are deploying to ensure further enhanced resilience.

Customer protection has always been our North Star at CrowdStrike, and it continues to be our focus every single day. Thank you for your continued partnership. We remain steadfast in our mission of stopping breaches and commit to regaining your trust and confidence.