Learn More About the CrowdStrike Outage
and Get Help

Need help getting systems restored?
Get Help Now Get Help Now

What happened and why?

A software update from CrowdStrike caused Microsoft Windows systems to crash, disrupting airline travel, healthcare, government services, and many other critical industries and organizations globally.

CrowdStrike released a content update for Falcon customers designed to detect newly observed, malicious named pipes being used by common C2 frameworks in cyberattacks. The erroneous update sent computers around the globe into the dreaded blue screen of death.

How is Trellix different?

First, we believe security vendors hold great responsibility. We all occupy a privileged position with access to the heart of customers’ systems known as the kernel, and there are best practices to ensure that all code deployed there is certified by Microsoft, and not changed without the approval and knowledge of the customer.

And second, at Trellix we employ a conservative approach anchored by three imperatives: Transparency, Choice, and Responsibility.

The Trellix approach: transparency, choice, and responsibility.

Transparency
Our customers have visibility into the way we package our code.

  • Code that sits at the kernel level should be minimized to limit the potential for a cascading catastrophic system outage.
  • We follow kernel driver best practices: separating content from executable code, ensuring all kernel drivers are certified and signed by Microsoft.
  • This separation of security content and code ensures if there is ever a crash caused by an erroneous file, our program terminates independent of the operating system, and permits remote recovery.

Choice
Our customers have control over kernel level changes.

  • This outage is a reminder of why the choice of updates to kernel drivers should always be in the hands of those that can best assess risk—the customer.
  • Trellix customers can determine if, when, and how to roll out updates to kernel drivers. Trellix will not override a customer’s update distribution preferences or controls.

Responsibility
Our customers should be protected against people and process errors.

  • Trellix follows rigorous processes to validate the quality and stability of both agent and security content updates before they are released, and has multiple controls to limit the impact if an error ever does occur.
  • We follow a phased roll out to prevent wide scale impact, even for our daily security content.
  • Our customers require us to provide high quality releases across cloud, on-premises, air-gapped, and embedded environments at scale.

How can Trellix help now, during, and after recovery

Our support and services teams are mobilized to help you rebuild and recover. Trellix customer or not, you can contact our support and we can help with recovery procedures.

Existing Customers: Log in to Thrive and open a case - we have support standing by.
New Customers: Call 1-800-937-2237 or a local support phone number.

Trellix is the Endpoint Security leader

SE Labs EPS Protection Q3 2023

Trellix Endpoint Security earns AAA from SE Labs

IDC logo

IDC Leader in Worldwide Modern Endpoint Security

Global InfoSec Awards Winner 2024

Endpoint Security Trailblazer from Global InfoSec Award

AV Comparatives Business Security Award 2023

AV TEST: Award for Best Protection for Corporate Users under Windows

Trellix vs. CrowdStrike

Unmatched transparency and control with Trellix.

Trellix Logo

  • Provides customers full control over the deployment timing of new endpoint agent versions​
  • Offers multiple update methods (internet, air-gapped, disconnected) for sensitive and production systems​
  • Ensures all executable code is Microsoft signed and source verified​
  • Maintains clear visibility and transparency in system resource consumption​
  • Keeps kernel code minimal to reduce system risk and enhance stability​
  • Distinctly separates executable code from security updates for staged testing​
  • Certifies all kernel code to guarantee Windows interoperability​
  • Implements phased security update processes to prevent global issues​

CrowdStrike

  • Updates may bypass admin controls, risking unintended agent functionality changes​
  • Limits updates to cloud services, risking outages in sensitive environments​
  • Bypasses signing requirements for update files, risking integrity​
  • Obscures component signatures and system impact, claiming minimal footprint​
  • Increases kernel space functionality, elevating crash risks​
  • Combines content and functionality, complicating customer validation​
  • Skips certification for critical update files​
  • Allows for global updates without phased deployment options​