Help - uninstall CrowdStrike windows sensor

Check the thread at CrowdStrike Issue 2024-07-19 and the updated CrowdStrike bulletin at Statement on Falcon Content Update for Windows Hosts - crowdstrike.com

There are both good and bad versions of these same files. The C-00000291-*.sys files dated after 7/19/2024 05:27 UTC are good; older versions are problematic (with the known-bad one having a timestamp of 04:09 UTC). The CSFalcon product will keep downloading new versions of the file if you remove them manually.

The Analysis we have on our GitHub page and linked in that forum post does check the timestamp on the files to determine whether they’re good/bad.

As far as manually deleting the files, we have not been successful at removing them manually as they appear to be locked by CrowdStrike’s kernel-mode drivers; but if you have been able to remove them manually outside of safe mode, then it may be that some combination of anti-tamper policy & automation policy allows that. Our test systems have generally been locked down as far as policy.

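The timestamp check described in the post above, as an added example that is not part of the original post or of the analysis it mentions. It assumes the relevant timestamp is each file's last-modified time, compared in UTC; the sample directory and file names are constructed.

```python
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Thresholds from the post above (UTC, 19 July 2024).
GOOD_FROM = datetime(2024, 7, 19, 5, 27, tzinfo=timezone.utc)
KNOWN_BAD_MINUTE = datetime(2024, 7, 19, 4, 9, tzinfo=timezone.utc)
PATTERN = "C-00000291-*.sys"


def classify(mtime_utc):
    """Map a last-modified time (timezone-aware, UTC) to a verdict."""
    if mtime_utc >= GOOD_FROM:  # assumption: the 05:27 minute itself counts as good
        return "good"
    if mtime_utc.replace(second=0, microsecond=0) == KNOWN_BAD_MINUTE:
        return "known-bad"
    return "problematic"


def scan(directory):
    """Return {filename: (verdict, ISO timestamp)} for files matching PATTERN."""
    results = {}
    for path in sorted(Path(directory).glob(PATTERN)):
        # Convert explicitly to UTC so the verdict ignores the local time zone.
        mtime = datetime.fromtimestamp(path.stat().st_mtime, tz=timezone.utc)
        results[path.name] = (classify(mtime), mtime.isoformat())
    return results


def demo():
    """Build a constructed sample directory and scan it."""
    samples = {  # constructed file names and timestamps
        "C-00000291-00000000-00000001.sys": datetime(2024, 7, 19, 4, 9, 30, tzinfo=timezone.utc),
        "C-00000291-00000000-00000002.sys": datetime(2024, 7, 19, 5, 27, 45, tzinfo=timezone.utc),
        "C-00000291-00000000-00000003.sys": datetime(2024, 7, 18, 22, 0, tzinfo=timezone.utc),
        "C-00000290-00000000-00000001.sys": datetime(2024, 7, 19, 4, 9, tzinfo=timezone.utc),
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, when in samples.items():
            target = Path(tmp) / name
            target.write_bytes(b"constructed sample, not a real sensor file")
            os.utime(target, (when.timestamp(), when.timestamp()))
        return scan(tmp)


if __name__ == "__main__":
    for name, (verdict, stamp) in demo().items():
        print(f"{verdict:12} {stamp}  {name}")
```

Call `scan()` on a directory of collected files to get a verdict per file; because the product re-downloads these files, rerun it rather than trusting an earlier result.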