Has anyone tried using system defense rules in AMT? I am trying to see if we can use it to restrict AMT connection from a specific management server IP.
I created a Drop all rule and I can still connect to AMT from anywhere the management console is installed (so long as I am using an account that has access, such as user ID and password, or Kerberos via AD groups).
So I then thought OK, can I limit connections to a specific port, say SMB (445) - I created a filter and a policy and applied it using Mesh Commander, but I can still connect to the endpoint via SMB. Confusing!
Can you see anything wrong with my 445 filters?
Please help us by providing some additional information:
Can you please provide us the AMT version that you are currently running?
Also, please provide the model of your systems.
On how many systems are you deploying AMT?
Also, we do recommend checking the Intel SCS user guide: https://www.intel.com/content/dam/support/us/en/documents/software/Intel_SCS_User_Guide.pdf
Hello there - Not sure of the version - This is on a Dell Precision 3520 laptop. Still unsure if the filter is formatted correctly, but it doesn't seem to drop 445 packets.
Please provide us with a copy of the RCS log in order to check the version of the AMT that you have.
The log files of the RCS are located in a folder named RCSConfServer in one of these hidden locations:
• ProgramData\Intel_Corporation
• Documents and Settings\All Users\Application Data\Intel_Corporation
The log file is named RCSLog.log and records all operations and actions done by the RCS. Each time the log file becomes too large, or the RCS is restarted, the file content is moved to a new file with this format: RCSLog.logYYYY-MM-DD-HH-MI-SS.log.