Hi!
I'm beyond exhausted with this issue and I can't figure out exactly what it is that is preventing me from:
- installing certain apps
- disabling Windows Offender - they actually set up Defender with unsigned binaries and extensions; also installed unsigned drivers
- configuring Data Loss Prevention (DLP)
- configuring Endpoint Detection and Response (EDR)
- recognizing if I am in a VMware ESXi or some other hypervisor
- stopping documents and executables being patched all over - as in labeled for Purview
- formatting USB drives such that they are 100% clean - yet there seems to be a filter system set up to add a TSR stub
- booting ANY other OS, from USB or SD card (even if externally set to read-only mode) without ending up in a virtual container or sandbox of some sort - suspecting some kind of DOS is running concurrently
Could I please ask you for help, and what diagnostic data should I provide? I am so exhausted with this very pricey paperweight of a computer.
Dell of course didn't disable the Management Engine - I know it's not possible to completely disable it, only to disable it post-boot via the High Assurance Platform bit - but I expected the semi-secret official supplier for the DoD and the intelligence community to be capable of setting the HAP bit like they do for those guys. Instead, the Management Engine runs the familiar Dynamic Application Loader service and listens on a localhost IPv6 port in case some haxor sends a Java applet for the Management Engine to process and thus gains persistence.
As for no out-of-band management: since I am completely locked to Windows and unable to boot anything else, in cases where I FUBAR the OS I have to use Dell Cloud Recovery and of course accept their license, otherwise I cannot get a working OS. Essentially they are forcing me into their controversial privacy policy, which I seriously doubt is GDPR compliant. Open their website and hit F12; you'll see tons of JavaScript for tracking. In their privacy policy, they mention doing cross-device tracking, and since Windows 11 allows Bluetooth to communicate like a botnet with anything and anyone, all my Android devices are now acting odd.
Dell then installs its set of apps, including the Digital Delivery aka drive-by downloader and SupportAssist agents, Data Vault agents, and all sorts of other agents, including some TechHub crapware. The Waves MaxxAudio Pro app is persistent, so is Killer Intelligence Center, and some other weird apps. When I submit these Dell executables, as well as legitimate Microsoft executables patched by Dell, they all come back as malicious according to Hybrid-Analysis, FileScan.io, VirusTotal, etc.
Does anyone have an idea how to jailbreak from the container or virtual machine that I am in?
I'm an IT Security Researcher and it's killing me. What do these guys, i.e., Dell, use for persistence? It effectively makes my laptop a Chromebook.
Dell Security Manager disk wipe program doesn't remove all the files.
I have a WBT22 Thunderbolt 4 dock, and I suspect that it has non-volatile memory.
The only hint of virtualization I have found is that Dell installs the vmx3 ethernet driver by VMware for the dock Gigabit Ethernet adapter.
The moment I got the computer, before booting pre-installed Windows for the first time, I went to BIOS and "permanently" disabled Absolute Persistence because I knew about it and I despise it.
Windows Build/Version: Windows 11 Version 22H2 (OS Build 22621.1702)
My Computer - System One
- OS: Windows 11 v22H2 (22621.1992)
- Computer type: Laptop
- Manufacturer/Model: Dell XPS 15 9520
- CPU: Intel® Core™ i7-12700H Processor
- Motherboard: Dell 0MWGD4 with Intel® Alder Lake-P PCH
- Memory: 2 x 16GB DDR5 4800 MHz SK Hynix SODIMMs
- Graphics Card(s): Intel® Iris Xe Graphics (Alder Lake-P 682 GT2) & NVIDIA GeForce RTX 3050 (GA107M)
- Sound Card: Realtek ALC289 & Intel® Alder Lake-P PCH - cAVS (Audio, Voice, Speech)
- Monitor(s) Displays: LG Philips (Model: LGD06B3; Monitor Name: 156WU1, Dell P/N: 4DWVJ)
- Screen Resolution: 1920x1200
- Hard Drives: Micron 3400 NVMe 2048GB Pyrite-based SED
- Browser: Microsoft Edge but really Internet Explorer behind the scenes
- Antivirus: Windows Offender
- Other Info: Intel® Killer Wi-Fi 6E AX211 160MHz & Intel® Wireless Bluetooth, both embedded on the motherboard
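The post asks what diagnostic data would help. As an added example (not part of the original post, and not a Dell or Microsoft tool), the read-only PowerShell script below gathers the evidence that bears on the questions raised above: whether a hypervisor is present and whether that is explained by Virtualization-Based Security, firmware and Secure Boot state, every listening TCP socket with its owning process (including any localhost IPv6 listener), running kernel drivers whose Authenticode signature does not validate, Defender and tamper-protection status, and the usual persistence locations (non-Windows services, enabled third-party scheduled tasks, Run keys). It assumes Windows 11 with only the built-in CIM, NetTCPIP, Defender, SecureBoot and ScheduledTasks modules and an elevated session; the output file name is an arbitrary choice.

```powershell
# Added example: read-only diagnostics collector for the questions in the post above.
# Assumes Windows 11, built-in modules only, run as Administrator. Nothing here changes the system.

$ErrorActionPreference = 'SilentlyContinue'
$report = [ordered]@{}

# 1. Hypervisor presence. HypervisorPresent is True inside a VM, but ALSO on bare metal when
#    Hyper-V / Virtualization-Based Security (Core Isolation, Credential Guard) is enabled,
#    so read it together with the VBS status: 0 = off, 1 = configured, 2 = running.
$cs = Get-CimInstance Win32_ComputerSystem
$report.Model              = "$($cs.Manufacturer) $($cs.Model)"
$report.HypervisorPresent  = $cs.HypervisorPresent
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
$report.VbsStatus          = $dg.VirtualizationBasedSecurityStatus
$report.VbsServicesRunning = $dg.SecurityServicesRunning

# 2. Firmware and boot state (Confirm-SecureBootUEFI errors on legacy BIOS, so guard it).
$report.Bios = Get-CimInstance Win32_BIOS | Select-Object SMBIOSBIOSVersion, ReleaseDate
try   { $report.SecureBoot = Confirm-SecureBootUEFI -ErrorAction Stop }
catch { $report.SecureBoot = "unavailable: $($_.Exception.Message)" }

# 3. Listening TCP endpoints mapped to their owning process and image path.
#    A loopback-only IPv6 listener shows LocalAddress '::1'.
$report.Listeners = Get-NetTCPConnection -State Listen | ForEach-Object {
    $p = Get-Process -Id $_.OwningProcess
    [pscustomobject]@{
        Local   = "[$($_.LocalAddress)]:$($_.LocalPort)"
        PID     = $_.OwningProcess
        Process = $p.ProcessName
        Path    = $p.Path
    }
}

# 4. Running kernel drivers whose Authenticode signature does not validate.
#    Win32_SystemDriver reports paths as \SystemRoot\... or \??\C:\..., so normalise first.
#    Inbox drivers are catalog-signed and still report 'Valid'; anything else is a lead to
#    investigate (vendor, hash, install date), not a verdict on its own.
$report.DriversNotValid = Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.State -eq 'Running' -and $_.PathName } |
    ForEach-Object {
        $path = ($_.PathName -replace '^\\SystemRoot', $env:SystemRoot) -replace '^\\\?\?\\', ''
        $sig  = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') {
            [pscustomobject]@{ Driver = $_.Name; Path = $path; SignatureStatus = $sig.Status }
        }
    }

# 5. Defender state: tamper protection is the usual reason settings refuse to change.
$report.Defender = Get-MpComputerStatus |
    Select-Object AMRunningMode, IsTamperProtected, RealTimeProtectionEnabled, AntivirusSignatureVersion

# 6. Common persistence locations: services outside \Windows\, enabled non-Microsoft
#    scheduled tasks, and the per-machine / per-user Run keys.
$report.ThirdPartyServices = Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -and $_.PathName -notmatch '\\Windows\\' } |
    Select-Object Name, StartMode, State, PathName
$report.ScheduledTasks = Get-ScheduledTask |
    Where-Object { $_.State -ne 'Disabled' -and $_.TaskPath -notlike '\Microsoft\*' } |
    Select-Object TaskPath, TaskName, Author
$report.RunKeys = foreach ($hive in 'HKLM', 'HKCU') {
    Get-ItemProperty "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" |
        Select-Object -Property * -ExcludeProperty PS*
}

# Write a single JSON file that can be redacted and attached to a forum post (arbitrary path).
$out = Join-Path $env:USERPROFILE 'Desktop\host-diagnostics.json'
$report | ConvertTo-Json -Depth 5 | Set-Content -Path $out -Encoding UTF8
Write-Host "Diagnostics written to $out"
```

When reading the result, check the hypervisor flag against the VBS status before concluding anything about a container: on a stock Windows 11 laptop with Core Isolation on, HypervisorPresent is True and VbsStatus is 2, which is the expected bare-metal state. The driver and listener sections are the parts worth posting (after redacting hostnames and user paths), since they name concrete images that others can look up.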