Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2827 Discussions

vPro AMT System Defense

PBurn1
Beginner
2,774 Views

Has anyone tried using system defense rules in AMT? I am trying to see if we can use it to restrict AMT connection from a specific management server IP.

I created a Drop all rule and I can still connect to AMT from anywhere the management console is installed (So long as I am using an account that has access, such as user ID and password, or Kerberos via AD groups).

So I then thought OK, can I limit connections to a specific port, say SMB (445) - I created a filter and a policy and applied it using Mesh Commander, but I can still connect to the endpoint via SMB. Confusing!

Can you see anything wrong with my 445 filters?

ProtocolID=6,SrcAddress=xx.xx.xxx.xxx,SrcMask=xxx.xxx.xxx.x,HdrDestPortStart=445,HdrDestPortEnd=445

0 Kudos
6 Replies
idata
Employee
1,051 Views

Hello PT,

 

 

Please help us providing some additional information:

 

 

Can you please provide us the AMT version that you are currently running?

 

 

Also, please provide to the model of your systems.

 

 

On how many systems you are deploying AMT?

 

 

Also, we do recommend checking the https://www.intel.com/content/dam/support/us/en/documents/software/Intel_SCS_User_Guide.pdf user guide.

 

 

 

Best regards,

 

 

Sergio S.
0 Kudos
idata
Employee
1,051 Views

Hello PT,

 

 

We are following your question and we would like to know if you need further assistance.

 

 

Best regards,

 

Sergio S.
0 Kudos
PBurn1
Beginner
1,051 Views

Hello there - Not sure of the version - This is on a Dell Precision 3520 laptop. Still unsure if the filter is formatted correctly, but it doesn't seem to drop 445 packets.

0 Kudos
idata
Employee
1,051 Views

Hello PT,

 

 

Please provide us with a copy of the RCS log in order to check the version of the AMT that you have.

 

The log files of the RCS are located in a folder named RCSConfServer in one of these hidden locations: • ProgramData\Intel_Corporation • Documents and Settings\All Users\Application Data\Intel_Corporation

 

 

The log file is named RCSLog.log and records all operations and actions done by the RCS. Each time the log file becomes too large, or the RCS is restarted, the file content is moved to a new file with this format: RCSLog.logYYYY-MM-DD-HH-MI-SS.log.

 

 

Best regards,

 

Sergio S.
0 Kudos
idata
Employee
1,051 Views

Hello PT,

 

 

I am following up your question and we would like to know if you need further assistance

 

 

 

Best regards,

 

Sergio S.
0 Kudos
idata
Employee
1,051 Views

Hello PT,

 

 

In case you need further assistance please contact us back

 

 

 

Best regards,

 

Sergio S.
0 Kudos
Reply