Over the last year I have worked with our internal IT shop to implement vPro & CentrinoPro into the environment.  While that was fun & rewarding, I thought now would be a good time to implement a smaller instance w/ a mix of clients & try out the new Intel System Defense Utility, which I put a link to on the tool page.

 

I've currently procured a CentrinoPro & a vPro (AMT 2.x), & I'm working on obtaining a vPro (AMT 3.0) box to showcase all use cases & functionality, especially the Remote Configuration feature.  What is good to note is that Matt Royer already helped me demonstrate Remote Configuration at San Francisco IDF, & it was very nice to watch it go from out of the box to having the console automatically provision & show the vPro machine.  However, the immediate challenge now is for me to set this up w/ ISDU & see what use cases I can utilize.

 

If you're on this path as well, let me know.  I'd like to hear how you are using AMT (Active Management Technology).

 

Cheers.   Off to Provisioning....

 

UPDATE

I updated the BIOS via USB on the CentrinoPro & vPro machines to ensure they have the latest BIOS.  I will work to get the post up this week on how to create a DOS-bootable USB stick & the preferences on size of the stick.

 

I then downloaded the Intel System Defense Utility, then I hard-lined the CentrinoPro machine for now, as I have not changed my Access Point settings for WPA at this point (remember I'm doing this in SMB mode).

 

I then started the scan & was able to see both machines.  If you click on the link below you will find that I was able to detect both machines.  I started first with inventory to show what I could validate from the machines.  Good to note is that both machines are plugged into the network & the power (desktop - of course, notebook - yes).  I wasn't satisfied with the results, so I went to each of the machines' Web UI to ensure I could connect.

 

 

Initial scan to obtain machines on the subnet; while this took longer than I expected, it did find all the machines.

 

After finding them, you double-click on each PC & it connects you to the firmware.

 

Then I pulled an asset mgmt screen on both the notebook & desktop to show that I can pull inventory; take into account that each machine is powered down at this point.

 

 

 

Now, to be sure I could establish communication, I went to the Web UI on both; in the ISDU tool it is simple to click the link & hit the admin login.

 

 

 

While this is good, it's time to now showcase the rest of the use cases, including System Defense with a few good filters.  I was out hunting for a good virus & found the backdoor.darkmoon.  Among the ports it listens on are 6868 & 7777.  I was able to use System Defense as seen below to block these ports by doing the following:

#1.  Open up Intel System Defense Utility

#2.  Connect to the impacted machine

#3.  Select the "System Defense" tab

#4.  Select "Block Limited Services"

#5.  Uncheck all items & then in blocked ports input "6868,7777"

#6.  Hit Apply Settings, then Apply Changes

 

DONE - I've now protected my machine quickly against the potential exploit.  It doesn't fix it for cleaning; however, it does prevent the virus from communicating & receiving future instruction.
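To confirm that the filter from steps #1-#6 is actually in effect, the blocked ports can be probed from a second machine on the same subnet. The script below is an added example, not part of ISDU or the original post; it assumes the filter applies to inbound TCP and that a dropping filter shows up as a timeout, and the default target address is a placeholder for your own managed client.

```python
import socket
import sys

BLOCKED_PORTS = "6868,7777"  # the value entered in step #5 above


def parse_ports(spec):
    """Parse a comma-separated port list and reject anything out of range."""
    ports = []
    for item in spec.split(","):
        port = int(item.strip())
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
        ports.append(port)
    return ports


def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"      # handshake completed: traffic is NOT blocked
    except ConnectionRefusedError:
        return "closed"        # host answered with a reset: reachable, no listener
    except OSError:
        return "filtered"      # timeout or unreachable: consistent with dropped packets


def verify_block(host, spec=BLOCKED_PORTS, timeout=2.0):
    """Return {port: state} for every port in the blocked list."""
    return {port: probe(host, port, timeout) for port in parse_ports(spec)}


def still_reachable(results):
    """Ports that still accept connections, i.e. where the filter failed."""
    return sorted(port for port, state in results.items() if state == "open")


if __name__ == "__main__":
    # Assumption: pass the address of your own managed client as argv[1].
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    results = verify_block(host)
    for port, state in results.items():
        print(f"{host}:{port} -> {state}")
    sys.exit(1 if still_reachable(results) else 0)
```

A "closed" result only shows that nothing is listening on that port, so it says nothing about the filter; "filtered" on a host that otherwise answers is the result that matches a working block.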

 

Now I can remote control it, turn it on, update the DAT files.