Manualshelf

White Papers

ManualsBrandsDell ManualsConverged InfrastructureTrusted Device
891011121314151617
NOTE: BIOS Verification remains a feature of the Dell Trusted Device agent.
Trusted Device now runs as a Windows service.
BIOS Events & Indicators of Attack enables administrators to analyze events in the Windows Event Viewer that may indicate
bad actors targeting BIOS on enterprise endpoints. Bad actors change BIOS attributes to gain access to enterprise
computers locally or remotely. These attack vectors can be monitored then mitigated through the BIOS Events & Indicator
of Attack features' ability to monitor BIOS attributes. If the Trusted Device agent is active on the computer, BIOS Events &
Indicators of Attack runs every 12 hours by default.
It is recommended using a SIEM product to retrieve logs and events. Administrators should provide results to their SOC
team to determine appropriate remediation strategies.
Find BIOS Events & Indicator of Attack notifications in Event Viewer under Windows Logs > System with Source type
Trusted Device.
To change BIOS attributes interval polling, set the following registries.
This entry configures the time period in seconds between BIOS attribute sweeps.
HKLM\SOFTWARE\Dell\TrustedDevice\
DWORD=SecondsBetweenAttributeSweeps
Minimum value in seconds = 3600 (1 hour)
Maximum value = 172800 (48 hours)
Default = every 12 hours
Value (in decimal) = 3600 - sweeps occur every one hour
Value (in decimal) = 172800 - sweeps occur every 48 hours
This entry changes the delay in milliseconds between each individual BIOS attribute retrieval.
HKLM\SOFTWARE\Dell\TrustedDevice\
DWORD=MSBetweenAttributeReads
Minimum value in milliseconds = 500
Maximum value in milliseconds = 2000
Default = every 500 ms
Value (in decimal) = 500 - reads a different BIOS attribute every 500 ms
Value (in decimal) = 2000 - reads a different BIOS attribute every 2000 ms
The following platforms are supported by BIOS Events & Indicators of Attack:
Latitude 3301
Latitude 3400
Latitude 3500
Latitude 5300
Latitude 5300 2-in-1
Latitude 5400
Latitude 5401
Latitude 5500
Latitude 5500
Latitude 7200 2-in-1
Latitude 7300
Latitude 7400
Latitude 7400 2-in-1
Optiplex 7070 Ultra
Optiplex 7071 Tower
Precision 3540
Precision 3541
Precision 5540
Precision 7540
Precision 7740
XPS 13 7390
XPS 13 7390 2-in-1
12
Technical Advisories