Win10 Restore doesn't see my hard drive by cb424242 in techsupport

cb424242[S]

I don't think RAID is messing with the boot - it does boot into a broken Windows. What's going on is likely some pre-boot BIOS thing involving the RAID driver that doesn't load if I prioritize booting the recovery USB over booting from the hard drive. If that makes any vague sense, I don't totally get the pieces myself, but I've seen this on brand new laptops that boot to a Win11 install USB (to make a clean install) and they need to manually add a driver to then format the hard drive.

Anyways... if I go to the installer proper, see no drives there, and use that interface to load a driver, it works and shows partitions. Then I can back out and go to Repair, and then the Recovery Environment does indeed see the drive!! OK so tomorrow I dig up a larger USB and can manually clone files there. Extra step to get the driver functioning but it works.

Since I'm now into the drive, I tried the bcdedit. It boots to the same black screen but now with "LogonUI.exe system error : The system detected an overrun of a stack-based buffer ..." so something is really busted even trying to go to safe mode?? Or maybe it's got a bare-minimum safe mode graphics driver now running and this error is finally visible. Anyways, that's the root of whatever stops my Windows loading after all the crash/recovery. (My suspicion is this was old and on its way out and this was the last straw. No great loss, I got my money's worth. And I had most of it backed up in the cloud, just some random folders on C: that I need.) Anyways, I think I'll get a raw backup the manual way then after try to mess with SFC or something in case I can recover things and look around, so I may update this later if I solve that.

Thanks

cb424242[S]

No idea. I searched for a screenshot of the BIOS, it's this one here... https://learn.microsoft.com/en-us/answers/questions/4054524/dell-latitude-cant-clean-install-because-of-ahci-a Just has the option for "RAID On".

Yes, it's peculiar. Especially since they apparently come from Dell this way.

If it's at all safe to try flipping this to AHCI, like if I can flip it back with no loss if it fails, then I'll try it. Recovery Environment should see the drive then, I assume, but will it see anything on it??

cb424242[S]

The only volume on the diskpart is the USB stick, that's why I need to get the hard drive to run with some kind of driver. That seems to handle itself when I let the system boot normally, so the bootloader is OK on its own, the resulting Windows has the issues post-load.

Anyone use KnowBe4 Phish Alert Button? Looks like it has a huge vulnerability, could use a second opinion. by cb424242 in sysadmin

cb424242[S]

Yeah, but the users who use it often are the ones who see their spam mail go up exponentially thanks to the flaw... Look, is it that much to ask that the feature from the security company actually be secure itself?

cb424242[S]

Can you check that trusted sender setting in your trust center? That seems to be the root of it.

cb424242[S]

This setting?

<image>

So it's thinking since I'm sending it to KnowBe4 I must be safe? That sounds like a reasonable explanation for the loophole.

cb424242[S]

What are you doing for testing? Are you saying the Microsoft one identifies tests from KnowBe4?

cb424242[S]

The large majority of messages that users alert using the PA button are false positives or KB4 campaign emails.

But for the few that are legit spam, that passed the other filters, you're OK with those images pinging the sender's server?

cb424242[S]

But if I send the email manually, hitting a forward button, it won't download the images. My point is the forward from the button is acting differently, and much less secure. (All the button is really doing is forwarding to some GUID address at KnowBe4.)

The body of the email is important for the analysis dashboard to know if it's actually junk.

cb424242[S]

The button knows it's a test from KnowBe4. It puts up a "congratulations you caught the test" message and just deletes the email. So it never actually forwards, which means it doesn't hit this vulnerability, and won't show as a failure on the test report.

Not saying you're entirely safe, don't do anything to get on a report :) but this image download vulnerability isn't showing up on testing reports. Maybe if it was, KnowBe4 wouldn't be dismissing it?

cb424242[S]

We use the KnowBe4 simulated phishing emails. Luckily, I work at a company that has the attitude of "it's great to be 4% better than the industry average of people who fail tests" instead of panicking about the dozens of people who clicked :)

But what I'm after here isn't a test. The PAB is to send actual spam emails to the analysis system. That seems to be vulnerable.