Dell XPS 15 with ME disabled & no out-of-band-management is locked - cannot jailbreak


t7wd
Hi!

I'm beyond exhausted with this issue and I can't figure out exactly what it is that is preventing me from:
  • installing certain apps
  • disabling Windows Offender - they actually set up Defender with unsigned binaries and extensions; also installed unsigned drivers
  • configuring Data Loss Prevention (DLP)
  • configuring Endpoint Detection and Response (EDR)
  • recognizing if I am in a VMware ESXi or some other hypervisor
  • stopping documents and executables being patched all over - as in labeled for Purview
  • formatting USB drives such that they are 100% clean - yet there seems to be a filter system set up to add a TSR stub
  • booting ANY other OS, from USB or SD card (even if externally set to read-only mode) without ending up in a virtual container or sandbox of some sort - suspecting some kind of DOS is running concurrently

Could I please ask you for help and what diagnostic data should I provide to help; I am so exhausted with this very pricey paperweight of a computer.

Dell of course didn't disable the Management Engine - I know it's not possible to completely disable, only disable post boot via High Assurance Platform bit - but I expected the semi-secret official supplier for the DoD and the intelligence community to be capable of setting the HAP bit like they do for those guys. Instead, the Management Engine runs the familiar Dynamic Application Loader service and listens to localhost IPv6 port in case some haxor sends a Java applet for the Management Engine to process and thus persistence.

As for no out-of-band management, since being completely locked to Windows and unable to boot anything else - in cases where I FUBAR the OS I have to use Dell Cloud Recovery and of course accept their license otherwise I cannot get a working OS. Essentially they are forcing me into their controversial privacy policy which I seriously doubt is GDPR compliant. Open their website and hit F12, you'll see tons of JavaScripts for tracking. In their privacy policy, they mention doing cross-device tracking, and since Windows 11 allows for Bluetooth to communicate like a botnet with anything and anyone, all my Android devices are now acting odd.

Dell then installs its set of apps, including the Digital Delivery aka drive-by downloader and SupportAssist agents, Data Vault agents, and all sorts of other agents, including some TechHub crapware. Waves MaxxAudio Pro app is persistent, so is Killer Intelligence Center, and some other weird apps. When submitting these executables by Dell as well as legitimate Microsoft executables patched by Dell, they are all malicious, according to Hybrid-Analysis, FileScan.io, VirusTotal, etc.

Does anyone have an idea how to jailbreak from the container or virtual machine that I am in?

I'm an IT Security Researcher and it's killing me. What do these guys, i.e., Dell, use for persistence? Effectively making my laptop a Chromebook.

Dell Security Manager disk wipe program doesn't remove all the files.

I have a WBT22 Thunderbolt 4 dock, and I suspect that it has non-volatile memory.

The only hint of virtualization I have found is that Dell installs the vmx3 ethernet driver by VMware for the dock Gigabit Ethernet adapter.

The moment I got the computer, before booting pre-installed Windows for the first time, I went to BIOS and "permanently" disabled Absolute Persistence because I knew about it and I despise it.
 
Windows Build/Version: Windows 11 Version 22H2 (OS Build 22621.1702)

Attachments:
  • msinfo32.txt (927.7 KB)
  • ref-myxps-cmd-sc-queryex-type_all-state_all-v0.txt (284.1 KB)

My Computer

System One

  • OS: Windows 11 v22H2 (22621.1992)
  • Computer type: Laptop
  • Manufacturer/Model: Dell XPS 15 9520
  • CPU: Intel® Core™ i7-12700H Processor
  • Motherboard: Dell 0MWGD4 with Intel® Alder Lake-P PCH
  • Memory: 2 x 16GB DDR5 4800 MHz SK Hynix SODIMMs
  • Graphics Card(s): Intel® Iris Xe Graphics (Alder Lake-P 682 GT2) & NVIDIA GeForce RTX 3050 (GA107M)
  • Sound Card: Realtek ALC289 & Intel® Alder Lake-P PCH - cAVS (Audio, Voice, Speech)
  • Monitor(s) Displays: LG Philips (Model: LGD06B3; Monitor Name: 156WU1, Dell P/N: 4DWVJ)
  • Screen Resolution: 1920x1200
  • Hard Drives: Micron 3400 NVMe 2048GB Pyrite-based SED
  • Browser: Microsoft Edge but really Internet Explorer behind the scenes
  • Antivirus: Windows Offender
  • Other Info: Intel® Killer Wi-Fi 6E AX211 160MHz & Intel® Wireless Bluetooth, both embedded on the motherboard
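The post asks what diagnostic data would help. The script below is an added example written for this thread; it is not something t7wd posted and not a Dell or Microsoft tool. It collects, from an elevated PowerShell on Windows 10/11, the items the post is worried about: whether a hypervisor is present, Secure Boot and VBS state, driver signature status (via `driverquery /si`, which also honours catalog signatures), every service with its binary path and Authenticode signer, non-Microsoft scheduled tasks, plus the same `sc queryex` and `msinfo32` reports that were attached. The output folder `$out` is an assumed location.

```powershell
# Added diagnostic collector for this thread (not t7wd's script, not a vendor tool).
# Assumes an elevated PowerShell 5.1/7 on Windows 10/11; $out is an assumed path.
$out = Join-Path $env:USERPROFILE 'xps-diag'
New-Item -ItemType Directory -Path $out -Force | Out-Null

# 1. Platform state: hypervisor presence, Secure Boot, VBS/HVCI.
#    HypervisorPresent is True whenever Windows itself boots on top of Hyper-V,
#    which is the normal case with Memory Integrity (HVCI) or Credential Guard
#    enabled, so a True here is not by itself evidence of a foreign VM.
$cs = Get-CimInstance Win32_ComputerSystem
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
$sb = 'n/a (not UEFI or access denied)'
try { $sb = Confirm-SecureBootUEFI } catch { }
[pscustomobject]@{
    Model             = $cs.Model
    HypervisorPresent = $cs.HypervisorPresent
    SecureBoot        = $sb
    VBSStatus         = $dg.VirtualizationBasedSecurityStatus    # 2 = running
    SecurityServices  = ($dg.SecurityServicesRunning -join ',')  # 1 = Credential Guard, 2 = HVCI
} | Format-List | Out-File (Join-Path $out 'platform.txt')

# 2. Kernel drivers with signature status. driverquery /si checks catalog
#    signing, which Get-AuthenticodeSignature does not, so use it for .sys files.
driverquery.exe /si /fo csv | ConvertFrom-Csv |
    Sort-Object IsSigned, Manufacturer |
    Export-Csv (Join-Path $out 'drivers.csv') -NoTypeInformation

# 3. Every service: binary path, start mode and Authenticode signer of the exe.
Get-CimInstance Win32_Service | ForEach-Object {
    $exe = if ($_.PathName -match '^"([^"]+)"')     { $Matches[1] }
           elseif ($_.PathName -match '^(\S+\.exe)') { $Matches[1] }
           else                                       { $_.PathName }
    $sig = if ($exe -and (Test-Path -LiteralPath $exe)) { Get-AuthenticodeSignature -FilePath $exe } else { $null }
    [pscustomobject]@{
        Name      = $_.Name
        State     = $_.State
        StartMode = $_.StartMode
        Path      = $exe
        SigStatus = if ($sig) { $sig.Status } else { 'file not found' }
        Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
} | Sort-Object Signer | Export-Csv (Join-Path $out 'services.csv') -NoTypeInformation

# 4. Scheduled tasks outside the \Microsoft\ tree, with what they execute.
Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    Select-Object TaskPath, TaskName, State,
        @{ n = 'Action'; e = { ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; ' } } |
    Export-Csv (Join-Path $out 'tasks.csv') -NoTypeInformation

# 5. The same raw reports the post attached, so results can be compared.
sc.exe queryex type= all state= all | Out-File (Join-Path $out 'sc-queryex.txt')
Start-Process msinfo32.exe -ArgumentList "/report `"$(Join-Path $out 'msinfo32.txt')`"" -Wait

Write-Host "Diagnostics written to $out"
```

When reading `services.csv`, treat `NotSigned` for a binary under `\Windows\` with care: many inbox executables are catalog-signed rather than embedded-signed, and `Get-AuthenticodeSignature` reports those as not signed. The interesting rows are third-party binaries with a missing or untrusted signature, and drivers whose `IsSigned` column in `drivers.csv` is `FALSE`.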
Welcome to the forum. I will admit I cannot follow all that you referred to, but maybe some of this will help to lead you in the right direction. When I got a new Dell business class PC, I removed all Dell stuff. It's been a while but here's what I remember doing at the time:

1. Disable any reference to Dell recovery within the UEFI bios.
2. Disconnected from internet, then went to services, stopped services and changed to disabled all relating to Dell. Then restart.
3. Uninstalled all Dell apps using Revo Uninstaller.
4. Seems like I remember I found a couple of leftover Dell folders either in Programdata, Programfiles, or Appdata. I can't remember which ones right now. I removed them.
5. I backed up all the drivers.
6. I was then able to disable secure boot and do a clean install to get rid of all the crap pre-installed apps, etc. I did so using a local account, disconnected from the internet.
7. Immediately went into group policy and disabled Windows Update from updating my drivers and other policies I wanted to control.
8. Reinstalled Dell drivers and reconnected to internet

NOTE: If you manually applied the Secure Boot Revocations relating to CVE-2023-24932 which the May and July windows updates addressed, your boot media will not work even if secure boot is turned off unless you have manually altered your current boot media to include the revocations per addressed in that article. As far as I know, MS has not as yet released new boot media that includes the new WinPE that addresses those revocations.

If you have NOT manually applied the secure boot revocations, then the currently released boot media should work to clean install.

Along with most everyone else here, the revocation issue is currently a very gray area. I can only speak for myself and say the matter can be a nightmare for the end user at the present time. I do not completely understand it all so this is what little I think I know.

If you cannot work out your issues, UPPER level Dell Support should be able to advise what to do. The problem is the hoops you have to jump through to get to a knowledgeable person. Lower level is useless in such matters.
 

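Steps 2 through 5 and step 7 of the reply can be done from an elevated PowerShell instead of by hand. The script below is an added example, not the reply author's own procedure or a Dell tool; it assumes the network is disconnected, matches vendor services, tasks, packages and folders by the string in `$vendor`, and only reports unless `-Apply` is passed. `$vendor`, `$backup` and the `-Apply` switch are this example's assumptions. Step 1 (recovery settings) is a UEFI change and step 6 (clean install) is a reinstall, so neither is scripted here.

```powershell
# Added example for the reply's steps 2-5 and 7 (not the author's script, not a vendor tool).
# Elevated PowerShell, network disconnected. Dry run by default; -Apply makes the changes.
param([switch]$Apply)
$vendor = 'Dell'                                          # assumption: string that identifies vendor items
$backup = Join-Path $env:USERPROFILE 'driver-backup'      # assumption: where step 5 stores drivers

function Find-VendorService {
    Get-CimInstance Win32_Service | Where-Object {
        $_.Name -like "*$vendor*" -or $_.DisplayName -like "*$vendor*" -or $_.PathName -like "*$vendor*"
    }
}

# Step 2: stop and disable vendor services and their scheduled tasks.
foreach ($svc in Find-VendorService) {
    Write-Host ("service: {0,-40} {1,-8} {2}" -f $svc.Name, $svc.State, $svc.StartMode)
    if ($Apply) {
        Stop-Service -Name $svc.Name -Force -ErrorAction SilentlyContinue
        Set-Service  -Name $svc.Name -StartupType Disabled
    }
}
$vendorTasks = Get-ScheduledTask | Where-Object { $_.TaskPath -like "*$vendor*" -or $_.TaskName -like "*$vendor*" }
foreach ($task in $vendorTasks) {
    Write-Host "task: $($task.TaskPath)$($task.TaskName) [$($task.State)]"
    if ($Apply) { $task | Disable-ScheduledTask | Out-Null }
}

# Step 3: inventory vendor software. Win32 entries are listed with their uninstall
# command (run them, or a third-party uninstaller, by hand); Appx packages can be removed directly.
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.Publisher -like "*$vendor*" -or $_.DisplayName -like "*$vendor*" } |
    Select-Object DisplayName, DisplayVersion, Publisher, UninstallString |
    Format-Table -AutoSize
Get-AppxPackage -AllUsers | Where-Object { $_.Publisher -like "*$vendor*" -or $_.Name -like "*$vendor*" } |
    ForEach-Object {
        Write-Host "appx: $($_.PackageFullName)"
        if ($Apply) { Remove-AppxPackage -Package $_.PackageFullName -AllUsers -ErrorAction Continue }
    }

# Step 4: leftover vendor folders in the usual locations (report only; check, then delete by hand).
$roots = $env:ProgramData, $env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:LOCALAPPDATA, $env:APPDATA
Get-ChildItem -Directory -Path $roots -ErrorAction SilentlyContinue |
    Where-Object Name -like "*$vendor*" | Select-Object FullName

# Step 5: back up the currently installed third-party drivers (DISM cmdlet) before reinstalling.
New-Item -ItemType Directory -Path $backup -Force | Out-Null
Export-WindowsDriver -Online -Destination $backup |
    Select-Object Driver, ProviderName, ClassName, Version | Format-Table -AutoSize

# Step 7: the registry form of the policy "Do not include drivers with Windows Updates".
$wuPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
if ($Apply) {
    New-Item -Path $wuPolicy -Force | Out-Null
    Set-ItemProperty -Path $wuPolicy -Name ExcludeWUDriversInQualityUpdate -Type DWord -Value 1
} else {
    Write-Host "would set $wuPolicy\ExcludeWUDriversInQualityUpdate = 1"
}
```

Run it once without `-Apply` and read the service list before disabling anything: matching on a vendor string is deliberately broad, and a service you rely on (for example one that manages the dock or power settings) can be removed from the list before the second, `-Apply`, run.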