Hi,
I have an HP Zbook workstation that I use for work with SEP installed. Everything is managed by the company policies, but it seems that SEP starts analysing the disk each time an external drive is connected.
Last friday, I connected a SanDisk 1 Tb SSD via an usb to sata cable. It contains a large library of files (about 800 mb) and I never had any issues with it before.
The only thing that happened was the notification that an usb device was connected, but it seems the drive was never mounted since it never showed up on explorer.
After about 30 seconds of nothing happening, I tried to safely remove the drive via the taskbar prompt. The drive disappeared from the list of ejectable usb devices, its activity led stopped blinking and I removed it. Upon trying to read it afterwards on my personal computer, it seems that it was corrupted by some degree.
Windows assigns it a letter but gives an error saying the filesytem is corrupted upon trying to access it.
I've been trying a lot of different solutions to repair the drive but nothing has worked so far :
- chkdsk says the mbr is corrupted and fails to try to rebuild it
- bootrec fixmbr doesn't work either (not sure if it's even pertinent since it's simply a data storage drive, not an OS)
- easeUS tools for data recovery shows the files are still present in the drive upon scanning, with a small amount of files and folders with paths showing up as "intact", and others with unrecognizeable filenames and sorted only by filetype (i didn't wait for the full scan to finish so not sure if this condition improves over time). I also tried running their disk utils both from windows and via their bootable recovery disk tool, but the ssd disk doesn't even show up on their list of devices to repair
- AOMEI tool for rebuilding the MBR doesn't work either, even though it says the operation was done successfully.
- diskpart list displays 2 partitions for the disk : a 15mb NTFS one containing the system volume information, no letter assigned, and a second one that shows up as RAW with a letter assigned.
- bad sectors analysis tools show no bad sectors upon full scan
The first partition contains
"System Volume Information\EfaSIDat\SYMEFA.DB" with a modificaiton timestamp matching the moment I connected it to my workstation. That's what led me to this forum and my suspicion of SEP being behind it, since apparently it creates this file that blocks removal of the drive while it performs its analysis (?)
Can someone shed a light on this issue? I haven't had a lot of luck searching on different forums for similar documented problems...