Why can't Windows safely restore faulty .sys files from backup on boot?

Question

I have very little experience in the operating system or kernel space so apologies if this is a very trivial question, but it was something I was wondering and would love an answer or some details. Here's some steps that I would have thought would be easy to implement and would avoid the entire CrowdStrike issue:(1) Keep backup of all .sys files on healthy boot, (2) When bluescreen, log for recovery on next boot, (3) At recovery boot, load each .sys, (3a) If healthy, log it into safe batch, (3b) If bluescreen, mark it as unhealthy on next boot, (4) Continue until you have a list of healthy and unhealthy .sys, (5) Restore unhealthy from backup, (6) Disable automatic updates for unhealthy .sys, (7) Log alert for system administratorIs there any reason this isn't something that's implemented? I really am just curious and would love your thoughts, as I do find this area very interesting.Thanks!

Someone · Accepted Answer

Windows has &ldquo;system restore points&rdquo; to which you can roll back. Those can help in rolling back a driver update.In this case, however, the .sys files aren&rsquo;t drivers, just config files that have a .sys extension, so such a recovery mechanism would have to be part of CrowdStrike, not Windows.

rini17 · Answer

Windows Update can, but crowdstrike does its own thing.