by kenny11 698 days ago
This is covered in the linked article as well as Dave Plummer's video referenced therein. The CrowdStrike driver is specifically marked as critical to starting the system and so disables the last-known-good mechanisms.

Here's the section where Dave talks about it: https://youtu.be/wAzEJxOo1ts?si=aCX8pOTP0D_IRNAx&t=670

1 comment

Still, if it’s that critical it should be deployed through the OS vendor, not some 3rd party. And regression/canary testing at each level (3rd party, MS, customer) seems to also be completely bypassed here, which also baffles me.