CrowdStrike Driver Triggers PAGE_FAULT_IN_NONPAGED_AREA BSOD – Symptoms, Impact and Safe‑Mode Workaround

Users around the globe have reported Windows blue‑screen (BSOD) incidents displaying the error code PAGE_FAULT_IN_NONPAGED_AREA . The crashes appear to be caused by the driver file csagent.sys , which belongs to the U.S. endpoint‑security company CrowdStrike .

CrowdStrike provides enterprise‑grade endpoint protection, threat intelligence, and network‑attack defense services. The issue has been observed in China, Japan, Australia, New Zealand, India and other markets, affecting government sites, banks, libraries, enterprises and more, suggesting a compatibility problem triggered by a recent software or virus‑definition update.

In Australia, the national broadcaster reported a major network outage, and the Australian Cyber Security Coordinator confirmed a large‑scale technical fault impacting many businesses and services.

The immediate workaround is to prevent the CrowdStrike driver from loading by renaming its installation folder. Specifically, rename the directory C:\windows\system32\drivers\crowdstrike ; after renaming, the incompatible driver cannot be called and the system can boot normally.

CrowdStrike has acknowledged the problem and is working on a fix. An engineer on Reddit indicated that the company is rolling back a recent change that may have caused the BSOD.

How to enter Safe Mode to apply the workaround:

Power on normally; if a BSOD occurs, hold the power button to force shutdown.

Power on again; after another crash, hold the power button to force shutdown.

On the third boot, the system will automatically display the Advanced Startup screen (or you can click Advanced Recovery options).

On the Advanced Startup page, select Advanced startup → Startup Settings → Restart .

When the system restarts, press F4 to enter Safe Mode.

In Safe Mode, navigate to the driver folder mentioned above.

Delete all files in that folder whose names start with C‑00000291 and have the .sys extension.