HP Sure Start

Technical white paper | HP Sure Start
Runtime Intrusion Detection architecture
The RTID feature utilizes specialized hardware in the platform chipset to detect anomalies in the Runtime HP SMM BIOS.
Detection of any anomalies results in a notification to the HP Endpoint Security Controller, which can take the configured
policy action independent of the CPU.
User notications, event logging, and policy management
HP Sure Start end user notications
Under normal operating conditions, HP Sure Start is invisible to the user. When HP Sure Start identies a problem,
recovery operations are automatic, using the default settings with no end user or IT interaction usually required.
Users may see runtime notications in the event of a BIOS integrity problem detected via the HP Sure Start Dynamic
Protection or the Runtime Intrusion Detection features while the OS is running. If any signicant event is detected or
action is taken, HP Sure Start displays a warning message via Windows® notications on the next boot. HP Notications
Software is required to enable the viewing of these Windows notications.
HP Sure Start event logging
The HP Endpoint Security Controller records critical events related to the firmware/BIOS code and data monitored by
HP Sure Start. These events are stored within the Sure Start nonvolatile memory store. When HP Notifications software is
installed, the events are copied from the HP ESC to the Windows Event Viewer to facilitate access to these events by the
local user as well as the customer’s preferred manageability agent.
The following events trigger the HP Notifications Software to gather all events from the HP Sure Start subsystem and
ensure that the Windows Event Viewer is updated with any events that are not already recorded there:
Windows Boot
Windows Resume from Sleep/Hibernate
HP Sure Start with dynamic protection runtime event notifications
HP Sure Start Runtime Intrusion Detection (RTID)
HP Notications Software populates HP Sure Start events into a unique “HP Sure Start” application event log.
Only HP Sure Start events will be included in this log. The Windows Event Viewer path to the HP Sure Start events is the
following: System Tools/Event Viewer/Applications and Services Logs/HP Sure Start.
The Windows Event Viewer level categories related to HP Sure Start events are defined in the table on the next page.
The events are populated into Windows Event Viewer in the order that they were generated by HP Sure Start. The oldest
event in the HP Sure Start subsystem is added to the Windows Event Viewer first and the most recent event is added last.
The timestamp for each Windows Event Viewer entry is the time it was added to that log, NOT the time the event
occurred. Each Sure Start Windows Event Viewer entry includes detailed data within the event details, which includes the
timestamp of the actual occurrence.
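The following PowerShell sketch is an added example, not part of the HP white paper. It reads the “HP Sure Start” log and keeps the log-write time separate from the event details, so that a timeline is not built from the wrong timestamp. It assumes the detail values are exposed as Data elements in the event XML; the paper does not name the field that holds the occurrence timestamp.

```powershell
# Added example: list HP Sure Start events with log-write time kept apart
# from the event details that hold the time of actual occurrence.
$logName = 'HP Sure Start'    # log name as stated in the white paper

try {
    # -Oldest returns records in the order they were written, which the
    # paper says matches the order HP Sure Start generated them.
    $events = Get-WinEvent -LogName $logName -Oldest -ErrorAction Stop
} catch {
    Write-Warning "Could not read '$logName': $($_.Exception.Message)"
    return
}

$rows = foreach ($e in $events) {
    $xml = [xml]$e.ToXml()
    # Assumption: detail values appear as <Data> elements in the event XML.
    # The paper does not name the field carrying the occurrence timestamp,
    # so all detail values are kept for review.
    $details = foreach ($d in $xml.SelectNodes("//*[local-name()='Data']")) {
        $name = $d.GetAttribute('Name')
        if ($name) { "$name=$($d.InnerText)" } else { $d.InnerText }
    }
    [pscustomobject]@{
        RecordId   = $e.RecordId
        LoggedTime = $e.TimeCreated        # when the entry was added to the log
        Level      = $e.LevelDisplayName
        EventId    = $e.Id
        Details    = $details -join '; '   # per the paper, holds the occurrence time
    }
}

# Entries copied in one batch (boot, resume, or a runtime notification) share
# nearly the same LoggedTime; grouping by minute makes those batches visible.
$rows | Group-Object { $_.LoggedTime.ToString('yyyy-MM-dd HH:mm') } |
    Select-Object Name, Count

$rows | Sort-Object RecordId |
    Format-List RecordId, LoggedTime, Level, EventId, Details
```

A large batch with one LoggedTime after a boot or resume indicates events that occurred earlier and were copied from the HP ESC at that point, so correlate on the timestamp inside Details rather than on LoggedTime.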