SST has a limitation. It cannot look deeper into other profiles on a computer.
In the real world we rarely get to sit side by side with the user and diagnose the machine. We are in a state of swap out hardware and keep moving to keep the end user productive and minimize impact to business. We then take the machine and work on it under our credentials or local admin account. In addition, we were lucky enough to get the SST run on the machine we were using as a baseline, until the boot issue with the image arouse, under the users account while it was generating traffic and the SST found nothing.
How can we look at non loadable areas for potential threats if we don't have the original users credentials.