Run command prompt as admin
“c:”
“cd c:”
“netsh wfp show filters”
This’ll create “filters.xml”
“notepad filters.xml”
Press Ctrl-F and find “CrowdStrike WFP Provider”
The “providerKey” will be a GUID for the filter - an example is the following:
Open registry editor as admin
Browse to
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BFE\Parameters\Policy\Persistent\Provider - or search for a “value” matching the providerKey above (eg “{dd00a9d2-2593-497a-b84e-a1c47ab952d5}”)
Back up the registry folder - right click “provider” and click export. Save this to a file.
Make sure you’ve got non-network-reliant access to the machine, either via the VM console or directly.
Right click ONLY the filter entry (eg “{dd00a9d2-2593-497a-b84e-a1c47ab952d5}”) and delete that.
Restart the operating system
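
The filters.xml lookup from the steps above can also be done as a read-only PowerShell check, which prints the providerKey and how many entries carry it so the GUID can be confirmed before anything is touched in the registry. This is an added example, not part of the original steps: the function name, the sample XML and its all-zero GUIDs are constructed, and it assumes each entry in filters.xml is an <item> element with <providerKey> and <displayData><name> children and no XML namespace.

```powershell
# Added example: read-only lookup of a WFP provider's GUID in "netsh wfp show filters" output.
# Assumption: entries are <item> elements with <providerKey> and <displayData><name> children.
function Get-WfpProviderKey {
    param(
        [Parameter(Mandatory)] [xml]    $Filters,
        [Parameter(Mandatory)] [string] $ProviderName
    )
    # Find every entry whose display name is the provider name, wherever it is nested.
    $keys = foreach ($item in $Filters.SelectNodes('//item[providerKey][displayData/name]')) {
        if ($item.SelectSingleNode('displayData/name').InnerText.Trim() -eq $ProviderName) {
            $item.SelectSingleNode('providerKey').InnerText.Trim()
        }
    }
    if (-not $keys) { return }   # provider name not present in this file

    foreach ($key in ($keys | Sort-Object -Unique)) {
        # Count all entries (the provider itself plus its filters) that carry this GUID.
        $count = $Filters.SelectNodes("//item[normalize-space(providerKey)='$key']").Count
        [pscustomobject]@{ ProviderKey = $key; ItemsWithThisKey = $count }
    }
}

# Constructed sample input (placeholder GUIDs, not real netsh output).
$sample = [xml]@'
<wfpdiag>
  <providers>
    <item>
      <providerKey>{00000000-0000-0000-0000-000000000001}</providerKey>
      <displayData><name>CrowdStrike WFP Provider</name></displayData>
    </item>
  </providers>
  <filters>
    <item>
      <filterKey>{00000000-0000-0000-0000-0000000000aa}</filterKey>
      <displayData><name>Constructed filter</name></displayData>
      <providerKey>{00000000-0000-0000-0000-000000000001}</providerKey>
    </item>
  </filters>
</wfpdiag>
'@

Get-WfpProviderKey -Filters $sample -ProviderName 'CrowdStrike WFP Provider'

# Against the real file created by "netsh wfp show filters":
# Get-WfpProviderKey -Filters ([xml](Get-Content .\filters.xml -Raw)) -ProviderName 'CrowdStrike WFP Provider'
```

If the call returns more than one ProviderKey, or none, stop and inspect filters.xml by hand before going on to the registry steps.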