Dell Trusted Device Installation and Administrator Guide v2.10 January 2021 Rev.
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
© 2019 - 2021 Dell Inc. All rights reserved.
Contents
Chapter 1: Introduction
Contact Dell ProSupport
Chapter 2: Requirements
Prerequisites
1 Introduction
The Dell Trusted Device agent is part of the Dell SafeBIOS product portfolio. The Trusted Device agent includes BIOS Verification, Image Capture, BIOS Events & Indicators of Attack, and Security Risk Protection Score. BIOS Verification gives customers assurance that devices are secure below the operating system, a layer where IT administrators normally have little visibility. It lets customers verify BIOS integrity with an off-host process that does not interrupt the boot process.
2 Requirements
● See the table below for a list of supported platforms.
NOTE: If the Trusted Device agent is installed on a non-Dell platform, the following error displays.
NOTE: If the Trusted Device agent is run on an unsupported platform, the following error displays.
Exclusions
Exclusions may be required for compatibility with third-party software, anti-virus, or scripts. Exclude the following.
Folders
● C:\ProgramData\Dell\BiosVerification
● C:\Program Files\Dell\BIOSVerification
● C:\Program Files\DE
● C:\Windows\System32\drivers\dtdsel.sys
File Types
● .bv
● .rcv
● .sha256
Prerequisites
● Microsoft .NET Framework 4.7.2 (or later) is required for the installer. The installer does not install the Microsoft .NET Framework component. All computers shipped from the Dell factory are preinstalled with the full version of Microsoft .NET Framework 4.8 (or later). To verify the version of Microsoft .NET installed, follow these instructions on the computer targeted for installation.
Dell Computer Models
○ Latitude 5310 2-in-1*
○ Latitude 5400*
○ Latitude 5401*
○ Latitude 5410*
○ Latitude 5411*
○ Latitude 5420
○ Latitude 5424
○ Latitude 5480
○ Latitude 5490
○ Latitude 5491
○ Latitude 5495
○ Latitude 5500*
○ Latitude 5501*
○ Latitude 5510
○ Latitude 5511*
○ Latitude 5580
○ Latitude 5590
○ Latitude 5591
○ Latitude 7200 2-in-1*
○ Latitude 7210 2-in-1*
○ Latitude 7220 Rugged Tablet*
○ Latitude 7220 Rugged Extreme Tablet*
○ Latitude 7280
○ Latitude
Destination                              Protocol   Port
service.delltrusteddevicesecurity.com    HTTPS      443
api.delltrusteddevicesecurity.
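The .NET check the Prerequisites section refers to, the Dell-platform requirement and the outbound endpoints in the table above can all be verified before the agent is pushed to a fleet. The following PowerShell preflight script is an added example and is not part of the Dell guide or of the Trusted Device product. The .NET Framework Release thresholds are Microsoft's published values; the function and parameter names are the example's own; and the default endpoint list contains only the service host, because the api host's name is cut off in the table above and should be added once read from the full document.

```powershell
# Added example (not from the Dell guide): preflight checks for a Trusted Device rollout.

function Get-DotNetFrameworkVersion {
    # .NET Framework 4.5 and later record one "Release" DWORD under this key.
    $key = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $release = (Get-ItemProperty -Path $key -Name Release -ErrorAction SilentlyContinue).Release
    if (-not $release) { return $null }
    # Minimum Release value per version (Microsoft's documented table). Later OS builds ship
    # higher numbers for the same version, which is why the comparison is >=.
    $thresholds = [ordered]@{
        '4.8'   = 528040
        '4.7.2' = 461808
        '4.7.1' = 461308
        '4.7'   = 460798
        '4.6.2' = 394802
    }
    foreach ($entry in $thresholds.GetEnumerator()) {
        if ($release -ge $entry.Value) {
            return [pscustomobject]@{ Release = $release; Version = $entry.Key }
        }
    }
    [pscustomobject]@{ Release = $release; Version = 'older than 4.6.2' }
}

function Test-TrustedDevicePrerequisites {
    param(
        [int]$MinimumRelease = 461808,   # .NET Framework 4.7.2, the installer's minimum
        # Only the service host is fully legible in the guide's table (assumption: the api.*
        # host is needed too); pass the complete list with -Endpoints.
        [string[]]$Endpoints = @('service.delltrusteddevicesecurity.com'),
        [int]$Port = 443
    )
    $dotnet = Get-DotNetFrameworkVersion
    $cs     = Get-CimInstance -ClassName Win32_ComputerSystem
    $result = [ordered]@{
        Manufacturer   = $cs.Manufacturer
        Model          = $cs.Model
        IsDell         = ($cs.Manufacturer -like 'Dell*')
        DotNetRelease  = if ($dotnet) { $dotnet.Release } else { 0 }
        DotNetVersion  = if ($dotnet) { $dotnet.Version } else { 'not installed' }
        DotNetOk       = [bool]($dotnet -and ($dotnet.Release -ge $MinimumRelease))
        # Pick the MSI whose bitness matches the OS, as the Installation chapter requires.
        InstallerToUse = if ([Environment]::Is64BitOperatingSystem) { 'TrustedDeviceSetup-64bit.msi' } else { 'TrustedDeviceSetup.msi' }
    }
    # Off-host verification needs HTTPS to the service; a proxy or egress filter that blocks
    # it shows up here rather than as a failed verification later.
    foreach ($h in $Endpoints) {
        $reachable = Test-NetConnection -ComputerName $h -Port $Port -InformationLevel Quiet -WarningAction SilentlyContinue
        $result["Reach_$h"] = [bool]$reachable
    }
    $unreachable = @($Endpoints | Where-Object { -not $result["Reach_$_"] })
    $result['Ready'] = $result['IsDell'] -and $result['DotNetOk'] -and ($unreachable.Count -eq 0)
    [pscustomobject]$result
}

Test-TrustedDevicePrerequisites | Format-List
```

Run it elevated on a representative machine of each model you intend to cover; Ready is false if the machine is not a Dell, .NET is below 4.7.2, or any listed endpoint cannot be reached on 443.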
3 Download the Software
This section details obtaining the software from dell.com/support. If you already have the software, you can skip this section. Go to dell.com/support to begin.
1. On the Dell Support webpage, select Browse all products.
2. Select Security from the list of products.
3. Select Trusted Device Security. After this selection has been made once, the website remembers it.
4. Select the product Trusted Device.
5. Select Drivers & downloads.
6. Select the wanted client operating system type.
7. Select Trusted Device Agent.
8. Select Download.
4 Verify the Installation Package
The Trusted Device installation package is Authenticode signed with a Dell owned certificate. To verify the installation package, do the following:
1. Right-click TrustedDevice-xxbit.msi
2. Select Properties
3. Select the Digital Signatures tab
4. In Signature list, verify Dell Inc displays and select it
5. Select Details
6.
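The same check can be scripted so that a deployment pipeline refuses an unsigned or altered package instead of relying on someone clicking through the Properties dialog. The script below is an added example, not part of the Dell guide; it assumes the signer's common name is Dell Inc (the name the guide's step 4 tells you to look for) and that the package is named as in the Installation chapter. Get-AuthenticodeSignature validates the chain against the local trust store, so run it on a machine whose root store you trust, and record the SHA-256 it prints so the same bytes can be pinned across the fleet.

```powershell
# Added example (not from the Dell guide). Verifies the installer's Authenticode signature
# and records its SHA-256 before the package is deployed.
function Test-TrustedDeviceInstaller {
    param(
        [Parameter(Mandatory)][string]$Path,     # e.g. .\TrustedDeviceSetup-64bit.msi
        [string]$ExpectedSignerCN = 'Dell Inc'   # the signer the guide's step 4 expects
    )
    if (-not (Test-Path -LiteralPath $Path)) { throw "Installer not found: $Path" }

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate
    $cn   = $null
    if ($cert) {
        # Subject is an X.500 string such as "CN=Dell Inc, O=Dell Inc, ...". Extract the CN
        # rather than substring-matching the whole subject, so a subject that merely contains
        # "Dell Inc" somewhere (another CN, or an O= field) does not pass.
        $cn = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    }
    # Status is Valid only when the hash matches and the chain builds to a root this machine
    # trusts. HashMismatch means the file changed after signing, NotSigned means no signature,
    # UnknownError usually means an untrusted or broken chain.
    $signerOk = ($sig.Status -eq 'Valid') -and ($cn -eq $ExpectedSignerCN)
    [pscustomobject]@{
        Path          = (Resolve-Path -LiteralPath $Path).Path
        Status        = $sig.Status
        StatusMessage = $sig.StatusMessage
        SignerCN      = $cn
        Thumbprint    = if ($cert) { $cert.Thumbprint } else { $null }
        NotAfter      = if ($cert) { $cert.NotAfter } else { $null }
        # A timestamp counter-signature keeps the signature valid after the cert expires.
        TimeStamped   = [bool]$sig.TimeStamperCertificate
        Sha256        = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Trusted       = $signerOk
    }
}

# Refuse to continue with a package that is unsigned, altered, or signed by someone else.
$check = Test-TrustedDeviceInstaller -Path '.\TrustedDeviceSetup-64bit.msi'
$check | Format-List
if (-not $check.Trusted) {
    throw "Refusing to deploy: signature status '$($check.Status)', signer '$($check.SignerCN)'"
}
```

A valid signature proves the bytes came from the holder of Dell's signing key and have not changed since; it does not prove you have the version you intended, which is why the hash and thumbprint are returned alongside the verdict.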
5 Installation
Use one of the following methods to install the Trusted Device agent:
● Interactive Installation
● Command-Line Installation
Interactive Installation
The Trusted Device agent installer requires administrative rights. The architecture (32-bit or 64-bit) of the installer must match the architecture of the host computer's operating system. Choose one of the following:
● TrustedDeviceSetup.msi - 32-bit installer
● TrustedDeviceSetup-64bit.msi - 64-bit installer
1. Copy TrustedDeviceSetup-64bit.msi to the local computer.
7. By default, the Trusted Device installer does not install shortcuts. To install shortcuts, click the Dell Trusted Device Shortcuts feature tree menu and select This feature will be installed on the local hard drive. Click Next to continue.
8. Click Install to begin the installation.
9. A status window displays; the installation may take several minutes.
10. Click Finish.
After installation, a browser launches and displays results. See Results, Troubleshooting, and Remediation for more information. Restart the computer to complete installation if prompted.
Check Installed Version Interactively
To see the installed version of the Dell Trusted Device agent interactively, use the following method:
1. In Type here to search on the taskbar, type Apps & features.
2. Left-click Dell Trusted Device Agent; the version displays below the product name.
● Specify display options at the end of the argument that is passed to the /v switch to achieve the expected behavior. Do not use both /q and /qn in the same command line. Only use ! and - after /qb.
Switch   Meaning
/s       Silent mode
/l       Writes logging information into a logfile at the specified or existing path
Option   Meaning
/q       No progress dialog; restarts itself after process completion
/qb      Progress dialog with Cancel button; prompts for restart
● The following example silently adds shortcuts to an existing 64-bit Trusted Device agent installation, with no progress bar, and logs to C:\Dell.
msiexec.exe /i TrustedDeviceSetup-64bit.msi /qn ADDLOCAL="Shortcuts" /l*v C:\DELL\AddShortcuts.log
● The following example silently removes shortcuts from an existing 64-bit Trusted Device agent installation, with no progress bar, and logs to C:\Dell.
msiexec.exe /i TrustedDeviceSetup-64bit.msi /qn REMOVE="Shortcuts" /l*v C:\DELL\RemoveShortcuts.
6 Uninstall Trusted Device
The user uninstalling must be a local administrator. If uninstalling by command line, domain credentials are required. Use one of the following methods to uninstall the utility:
● Uninstall from Apps & features
● Uninstall from the Command-Line
Uninstall from Apps & Features
1. In Type here to search on the taskbar, type Apps & features.
2. Left-click Dell Trusted Device Agent, then left-click Uninstall.
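The command-line installation examples in chapter 5, the installed-version check, and the command-line uninstall in this chapter all reduce to msiexec invocations whose exit code has to be interpreted. The following PowerShell wrapper is an added example and not part of the Dell guide: it runs the guide's msiexec forms (/qn, /l*v, ADDLOCAL="Shortcuts") unattended, reads the installed version and product code from the Windows Installer registration under the Uninstall key, and uninstalls by product code so the original MSI is not needed. The exit-code meanings are standard Windows Installer values; the log file names, the display-name match and the function names are this example's own assumptions.

```powershell
# Added example (not from the Dell guide). Unattended install, version query and uninstall
# of the Trusted Device agent with msiexec exit-code handling.

# Standard Windows Installer exit codes a deployment script should distinguish.
$script:MsiExitCodes = @{
    0    = 'Success'
    1603 = 'Fatal error during installation (see the verbose log)'
    1619 = 'Package could not be opened (bad path or corrupted MSI)'
    1625 = 'Installation prohibited by system policy'
    1641 = 'Success, restart initiated'
    3010 = 'Success, restart required'
}

function Invoke-Msiexec {
    param([Parameter(Mandatory)][string[]]$Arguments)
    $p = Start-Process -FilePath "$env:SystemRoot\System32\msiexec.exe" -ArgumentList $Arguments -Wait -PassThru -NoNewWindow
    $code = $p.ExitCode
    $text = if ($script:MsiExitCodes.ContainsKey($code)) { $script:MsiExitCodes[$code] } else { 'see Windows Installer error codes' }
    [pscustomobject]@{
        ExitCode     = $code
        Meaning      = $text
        Succeeded    = ($code -in 0, 1641, 3010)
        RebootNeeded = ($code -in 1641, 3010)   # the guide says to restart if prompted
    }
}

function Get-TrustedDeviceInstall {
    # The MSI registers under the Uninstall key; PSChildName is the product code GUID that
    # msiexec /x needs. Both the native and the WOW6432Node views are searched.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Dell Trusted Device*' } |   # assumed display name
        Select-Object DisplayName, DisplayVersion, @{ n = 'ProductCode'; e = { $_.PSChildName } }
}

function Install-TrustedDevice {
    param(
        [Parameter(Mandatory)][string]$MsiPath,
        [string]$LogDir = 'C:\Dell',   # the guide's examples log under C:\Dell
        [switch]$WithShortcuts         # the guide's optional "Shortcuts" feature
    )
    New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
    $log     = Join-Path $LogDir 'TrustedDeviceInstall.log'
    $msiArgs = @('/i', "`"$MsiPath`"", '/qn', '/norestart', '/l*v', "`"$log`"")
    if ($WithShortcuts) { $msiArgs += 'ADDLOCAL="Shortcuts"' }
    $r = Invoke-Msiexec -Arguments $msiArgs
    $r | Add-Member -NotePropertyName Installed -NotePropertyValue (Get-TrustedDeviceInstall) -PassThru
}

function Uninstall-TrustedDevice {
    param([string]$LogDir = 'C:\Dell')
    $inst = Get-TrustedDeviceInstall | Select-Object -First 1
    if (-not $inst) { return 'Dell Trusted Device is not installed' }
    New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
    $log = Join-Path $LogDir 'TrustedDeviceUninstall.log'
    # Uninstall by product code so the script does not depend on the original MSI file.
    Invoke-Msiexec -Arguments @('/x', $inst.ProductCode, '/qn', '/norestart', '/l*v', "`"$log`"")
}

# Usage, from an elevated session:
# Install-TrustedDevice -MsiPath 'C:\Temp\TrustedDeviceSetup-64bit.msi' -WithShortcuts
# Get-TrustedDeviceInstall
# Uninstall-TrustedDevice
```

/norestart suppresses the automatic restart that /q would otherwise trigger, so the script can report RebootNeeded and let the deployment tool schedule the restart; the verbose log under C:\Dell is the first place to look when the exit code is 1603.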
7 Image Capture Administrators can capture images of corrupted or tampered BIOS for analysis and remediation. When run, Trusted Device queries the EFI partition for a corrupt or tampered image. If an image is detected, it is copied from the EFI partition to %PROGRAMDATA%\Dell\TrustedDevice\ImageCapture. If off-host verification fails, Trusted Device copies corrupt or tampered images from memory to %PROGRAMDATA%\Dell\TrustedDevice\ImageCapture.
8 BIOS Events & Indicators of Attack
BIOS Events & Indicators of Attack enables administrators to analyze events in the Windows Event Viewer that may indicate bad actors targeting the BIOS on enterprise endpoints. Bad actors change BIOS attributes to gain local or remote access to enterprise computers. The BIOS Events & Indicators of Attack feature monitors those BIOS attributes, so that such changes can be detected and then mitigated.
9 Security Risk Protection Score
Security Risk Protection Score enables administrators to determine the security risk level of computers in their enterprise. Trusted Device scans for the security solutions listed below and assigns a score that reflects the overall risk assessment.
10 Integration The Dell Trusted Device agent can be integrated with other products and services to ensure computers are secure at the BIOS level. Carbon Black Introduction The Carbon Black Cloud incorporates Trusted Device data for reporting and remediation activities.
11 Run the BIOS Verification Agent
Use one of the following methods to run the agent:
● Interactively
● Command Line
NOTE: If you attempt to run the BIOS Verification agent on an unsupported platform, Platform Not Supported displays.
NOTE: The Dell Trusted Device agent determines Dell platform support at runtime.
Run the BIOS Verification Agent by Schedule
To schedule the BIOS Verification agent to run at set intervals or to trigger execution by events, see the Microsoft Task Scheduler documentation.
3. A browser launches automatically and displays BIOS results.
NOTE: If the utility is unable to determine BIOS state, browser-based results do not display. See Results, Troubleshooting, and Remediation for error codes.
Run the BIOS Verification Agent with Command Line
The following table details optional command-line arguments.
Parameter      Meaning
-noncestring   A base64 encoded nonce. The string is base64 decoded, and the result becomes the nonce. If the decoded nonce is larger than 1024 bytes, an ArgumentException is thrown.
1. Open Command Prompt with administrative privileges.
2. Go to the directory containing the utility.
3. Type Dell.TrustedDevice.Service.Console.exe then press Enter.
4. A browser launches automatically and displays BIOS results.
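The chapter points to the Task Scheduler documentation for scheduled runs. The PowerShell below is an added example of such a schedule and is not part of the Dell guide: it registers a task that runs Dell.TrustedDevice.Service.Console.exe at startup and once a day as SYSTEM with the highest run level, which satisfies the administrative-rights requirement stated above. The install directory is an assumption, since the guide only says "the directory containing the utility"; adjust -AgentPath to match your image. The task name and the daily time are this example's own choices.

```powershell
# Added example (not from the Dell guide). Registers a scheduled task that runs the BIOS
# Verification agent at startup and once a day as SYSTEM.
function Register-BiosVerificationTask {
    param(
        # ASSUMPTION: install path; the guide does not name it.
        [string]$AgentPath = 'C:\Program Files\Dell\TrustedDevice\Dell.TrustedDevice.Service.Console.exe',
        [string]$TaskName  = 'Dell BIOS Verification',
        [string]$DailyAt   = '09:00'
    )
    if (-not (Test-Path -LiteralPath $AgentPath)) { throw "Agent not found: $AgentPath" }

    # The guide says the agent needs administrative rights; SYSTEM at highest run level covers that.
    $action    = New-ScheduledTaskAction -Execute $AgentPath -WorkingDirectory (Split-Path -Parent $AgentPath)
    $triggers  = @(
        (New-ScheduledTaskTrigger -AtStartup),
        (New-ScheduledTaskTrigger -Daily -At $DailyAt)
    )
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
    # Off-host verification needs the service endpoints, so wait for a network; cap the run time so a
    # hung agent cannot pile up instances; catch up a missed daily run when the machine wakes.
    $settings  = New-ScheduledTaskSettingsSet -RunOnlyIfNetworkAvailable -StartWhenAvailable `
                    -ExecutionTimeLimit (New-TimeSpan -Minutes 30) -MultipleInstances IgnoreNew

    Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $triggers `
        -Principal $principal -Settings $settings -Force | Select-Object TaskName, State
}

function Get-BiosVerificationTaskStatus {
    param([string]$TaskName = 'Dell BIOS Verification')
    # LastTaskResult holds the agent's exit code from the most recent completed run; chapter 12
    # documents the codes (0 = verification passed).
    Get-ScheduledTaskInfo -TaskName $TaskName | Select-Object TaskName, LastRunTime, LastTaskResult, NextRunTime
}

Register-BiosVerificationTask
Get-BiosVerificationTaskStatus
```

Because the task runs as SYSTEM, no browser opens with the results; read them from the exit code, the results folder, the event log or the registry as described in Results, Troubleshooting, and Remediation.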
12 Results, Troubleshooting, and Remediation
This chapter details reviewing results, troubleshooting, and remediating a corrupt or tampered BIOS image.
Results
After running the BIOS Verification agent, results are written to C:\ProgramData\Dell\TrustedDevice\, the %ERRORLEVEL% environment variable, the Event Viewer, and the registry.
%PROGRAMDATA%
The Trusted Device agent writes logs and JSON formatted results to C:\ProgramData\Dell\TrustedDevice\.
BIOS Verification
Action                   Level          Event ID   Task Category
Verification Passed      Informational  9          1
Verification Failed      Error          2          1
Image Captured           Warning        1          2
Duplicate Image Capture  Warning        2          2
No Image Found           Informational  3          2
BIOS Events & Indicators of Attack
Action                       Level          Event ID   Task Category
Indicator of Attack Cleared  Informational  10         3
Partial Indicator of Attack  Warning        11         3
Indicator of Attack          Error          12         3
Action   Level          Event ID   Task Category
Pass     Informational  13
DWORD=0 - Image was not present on last run.
● Image store path in which the last image was copied. This value does not exist if no images have been captured.
"LastImagePath"=string
● Timestamp of the last copied image.
"LastCopyTimeStamp"=string
● This private key verifies the images in the store.
"PrivateKeyBlob"=string
NOTE: End users should not modify this entry, as doing so prevents the product from functioning properly.
● A public key used to verify the images in the store.
Error Code   Meaning                               Additional Information
0            Verification passed                   The local BIOS is verified against a known-good Dell BIOS.
1            Verification failed                   The local BIOS failed verification against a known-good Dell BIOS.
2            The verification result is tampered   The verification result is tampered. Run the Dell Trusted Device agent again. If this error persists, reinstall the Dell Trusted Device agent or contact Dell Support.
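The command-line run with -noncestring in chapter 11 and the four result channels in this chapter (exit code, results folder, event log, image-capture folder) fit together in one collection routine. The PowerShell below is an added example and not part of the Dell guide or the product. It generates a fresh random nonce per run and enforces the 1024-byte decoded limit before the agent can throw, maps the exit code with the table above, and pulls the matching event IDs and any captured .bv/.rcv/.sha256 files. Assumptions not stated on the page: the agent's install path, that -noncestring takes its value as the following argument, the event log the agent writes to (the example defaults to Application and also filters on the Task Category column above, because low event IDs collide across providers there), and that the JSON results can be parsed without knowing their schema.

```powershell
# Added example (not from the Dell guide). Runs the agent non-interactively with a fresh nonce
# and collects the result from the places chapter 12 lists.

function New-VerificationNonce {
    param([int]$ByteLength = 32)
    # The agent throws ArgumentException for a decoded nonce larger than 1024 bytes; refuse early.
    if ($ByteLength -lt 1 -or $ByteLength -gt 1024) { throw 'Nonce must decode to 1..1024 bytes' }
    $buf = New-Object byte[] $ByteLength
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($buf)
    [Convert]::ToBase64String($buf)
}

function Invoke-BiosVerification {
    param(
        # ASSUMPTION: install path and argument form; the guide names only the executable.
        [string]$AgentPath  = 'C:\Program Files\Dell\TrustedDevice\Dell.TrustedDevice.Service.Console.exe',
        [string]$Nonce      = (New-VerificationNonce),
        [string]$ResultsDir = "$env:ProgramData\Dell\TrustedDevice",
        [string]$LogName    = 'Application'   # ASSUMPTION: adjust to the log the agent uses
    )
    # Exit codes from the guide's error-code table (the table continues past 2 on the full page).
    $meaning = @{ 0 = 'Verification passed'; 1 = 'Verification failed'; 2 = 'Verification result tampered' }
    # Same check the agent performs: the value must base64-decode to at most 1024 bytes.
    if ([Convert]::FromBase64String($Nonce).Length -gt 1024) { throw 'Decoded nonce exceeds 1024 bytes' }

    $started = Get-Date
    $p = Start-Process -FilePath $AgentPath -ArgumentList @('-noncestring', $Nonce) -Wait -PassThru -NoNewWindow
    $code = $p.ExitCode

    # Event IDs from the guide's table: 9/2 = verification passed/failed (task 1), 1..3 image capture
    # (task 2), 10..12 indicators of attack (task 3). Filter on Task as well, since IDs collide.
    $events = Get-WinEvent -FilterHashtable @{ LogName = $LogName; StartTime = $started; Id = @(1, 2, 3, 9, 10, 11, 12) } -ErrorAction SilentlyContinue |
        Where-Object { $_.Task -in 1, 2, 3 } |
        Select-Object TimeCreated, Id, Task, LevelDisplayName, Message

    $latest = Get-ChildItem -Path $ResultsDir -Filter '*.json' -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime -Descending | Select-Object -First 1
    $parsed = $null
    if ($latest) {
        # The JSON schema is not documented on the page; keep the raw object for the SIEM to flatten.
        try { $parsed = Get-Content -LiteralPath $latest.FullName -Raw | ConvertFrom-Json } catch { $parsed = $null }
    }
    $captured = Get-ChildItem -Path (Join-Path $ResultsDir 'ImageCapture') -Include '*.bv', '*.rcv', '*.sha256' -Recurse -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Nonce             = $Nonce
        ExitCode          = $code
        Meaning           = if ($meaning.ContainsKey($code)) { $meaning[$code] } else { 'see the error code table' }
        Passed            = ($code -eq 0)
        IndicatorOfAttack = [bool]($events | Where-Object { $_.Id -eq 12 -and $_.Task -eq 3 })
        Events            = $events
        LatestResultFile  = if ($latest) { $latest.FullName } else { $null }
        LatestResult      = $parsed
        CapturedImages    = @($captured | Select-Object -ExpandProperty FullName)
    }
}

$run = Invoke-BiosVerification
$run | Select-Object ExitCode, Meaning, Passed, IndicatorOfAttack, CapturedImages | Format-List
if ($run.ExitCode -eq 2) {
    Write-Warning 'Result tampering reported: rerun, then reinstall the agent or contact Dell Support'
}
```

Everything this routine reads is produced on the host, so an attacker with administrative control of the machine can alter the exit code, the JSON and the event log; error code 2 exists precisely because the agent checks for that. Generating a new nonce for every run, rather than reusing a fixed string, is what lets the off-host verification be tied to this specific request, and forwarding the collected object to a SIEM or to Carbon Black as chapter 10 describes keeps a copy the host cannot rewrite.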