Which Windows Events Are Associated with Security Score Results
Summary: This article provides examples of the Windows event log entries written when the security assessment completes for Dell Trusted Device.
Instructions
Affected Products:
- Dell Trusted Device
Affected Platforms:
- OptiPlex
- Latitude
- Precision Workstations
- XPS
Table of Contents:
- Windows events associated with Security Score results
- BIOS attributes used in IoAs
Windows events associated with Security Score results
Windows event information
The sections below show relevant examples of Windows event log entries for:
- Security Score
- BIOS Verification
- Indicators of Attack
- ME Verification
Security Score
The Security Score plugin generates an event each time the Security Score assessment is updated. Security Score assessment events written to the Dell application event log have a source named Trusted Device | Security Assessment.
Events
The following are examples of events generated for Security Score assessments.
Result: PASSED (example)
Event ID: 13
Level: Informational
Dell Trusted Device has completed a security scan of the system with service tag xxxxxxx at 9/28/2020 2:56:08 PM.
Result: PASSED
Score: 100
Risk Areas Scanned: (Passed: 7, Warning: 0, Fail: 0)
- Antivirus solution detected and enabled: PASS
- BIOS Admin Password set: PASS
- BIOS Verification: PASS
- Disk Encryption: PASS
- Firewall solution detected and enabled: PASS
- Indicators of Attack detected: PASS
- TPM enabled: PASS
Result: PASSED, with warnings (example)
Event ID: 14
Level: Warning
Dell Trusted Device has completed a security scan of the system with service tag xxxxxxx at 9/28/2020 2:56:08 PM.
Result: PASSED, with warnings
Score: 100
Risk Areas Scanned: (Passed: 6, Warning: 1, Fail: 0)
- Antivirus solution detected and enabled: PASS
- BIOS Admin Password set: PASS
- BIOS Verification: PASS
- Disk Encryption: WARNING
- Firewall solution detected and enabled: PASS
- Indicators of Attack detected: PASS
- TPM enabled: PASS
Result: FAILED (example)
Event ID: 15
Level: Error
Dell Trusted Device has completed a security scan of the system with service tag xxxxxxx at 9/28/2020 5:05:22 PM.
Result: FAILED
Score: 71
Risk Areas Scanned: (Passed: 4, Warning: 1, Fail: 2)
- Antivirus solution detected and enabled: PASS
- BIOS Admin Password set: PASS
- BIOS Verification: PASS
- Disk Encryption: WARNING
- Firewall solution detected and enabled: PASS
- Indicators of Attack detected: FAIL
- TPM enabled: FAIL
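The Security Score message layout shown above can be parsed in a log pipeline. The following Python is an added example, not Dell code: it extracts the result, score and per-area status, and checks that the event ID and the declared counts agree with the message text. The function name and the sample (built from the Event ID 15 example) are assumptions.

```python
import re
from collections import Counter

# Event ID -> Result text, as listed in the three examples on this page.
EXPECTED_RESULT = {13: "PASSED", 14: "PASSED, with warnings", 15: "FAILED"}
COUNT_KEY = {"PASS": "Passed", "WARNING": "Warning", "FAIL": "Fail"}

# Constructed sample: the Event ID 15 message from this page, one field per line.
SAMPLE_MESSAGE = """\
Dell Trusted Device has completed a security scan of the system with service tag xxxxxxx at 9/28/2020 5:05:22 PM.
Result: FAILED
Score: 71
Risk Areas Scanned: (Passed: 4, Warning: 1, Fail: 2)
- Antivirus solution detected and enabled: PASS
- BIOS Admin Password set: PASS
- BIOS Verification: PASS
- Disk Encryption: WARNING
- Firewall solution detected and enabled: PASS
- Indicators of Attack detected: FAIL
- TPM enabled: FAIL
"""

def parse_security_score(event_id, message):
    """Extract result, score and risk areas; list inconsistencies in `issues`."""
    result = re.search(r"Result:\s*(PASSED, with warnings|PASSED|FAILED)", message)
    score = re.search(r"Score:\s*(\d+)", message)
    if not (result and score):
        raise ValueError("not a Security Score event message")
    declared = {k: int(v) for k, v in
                re.findall(r"\b(Passed|Warning|Fail):\s*(\d+)", message)}
    areas = dict(re.findall(r"-\s+([^:\n]+):\s*(PASS|WARNING|FAIL)\b", message))
    counted = Counter(COUNT_KEY[status] for status in areas.values())
    issues = []
    if EXPECTED_RESULT.get(event_id) != result.group(1):
        issues.append("event ID does not match Result text")
    if any(counted[key] != n for key, n in declared.items()):
        issues.append("risk-area lines do not match declared counts")
    return {
        "result": result.group(1),
        "score": int(score.group(1)),
        "areas": areas,
        "needs_attention": {a: s for a, s in areas.items() if s != "PASS"},
        "issues": issues,
    }
```

The patterns tolerate the message arriving either one field per line or flattened onto a single line.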
BIOS Verification
If BIOS Verification completes and succeeds, an information-level entry describing the result is written to the Dell application event log. If BIOS Verification processing cannot complete for any reason, an error-level (or warning-level) entry describing the failure is written to the Windows System event log. An entry written to the Windows System event log has a source named Dell Trusted Device | Intel BIOS Verification.
Events
Event ID 4 indicates the following failure types:
Verification failed
BIOS Verification failed and has a Fail evaluation.
Event ID: 4
Level: Error
BIOS Verification : 1 (Failed Result)
[Displays the complete Json Payload.]
Tampering detected
BIOS Verification failed and has a tampering detected error.
Event ID: 4
Level: Error
BIOS Verification : 2 (Tampered Result)
[Displays the complete Json Payload.]
Event ID 2 indicates the following failure types:
Driver error
BIOS Verification failed and has a driver error.
Event ID: 2
Level: Error
BIOS Verification : 8 (Driver Error). See log file for more information
Network connection error
BIOS Verification failed and has a network connection error.
Event ID: 2
Level: Error
BIOS Verification : 13 (Network Connectivity Error) See log file for more information
Platform not supported
BIOS Verification failed and has a platform unsupported error.
Event ID: 2
Level: Error
BIOS Verification : 11 (Platform Not Currently Supported) See log file for more information
Unknown error
BIOS Verification failed and has an unknown error.
Event ID: 2
Level: Error
BIOS Verification : 3 (Unknown Error). See log file for more information
Internal server error
BIOS Verification failed and has an internal error.
Event ID: 2
Level: Error
BIOS Verification : 6 (Internal Error). See log file for more information
Invalid BIOS data error
BIOS Verification failed and has an invalid BIOS data error.
Event ID: 2
Level: Error
BIOS Verification : 9 (Invalid BIOS Data Error). See log file for more information
Indicators of Attack
Events generated by the Indicators of Attack (IoA) plugin report state changes in the IoA threat chains.
- IoA events written to the Windows System event log have a source named Dell Trusted Device | BIOS Events and IOA.
- IoA events written to the Dell application event log have a source named Trusted Device | BIOS Events and IOA.
Events
The IoA plugin generates the following events. Their content varies slightly, such as <<Attack Type>> and <<Relevant Attribute Changes>>, depending on the threat chain involved. The variable content is replaced with actual content when the event is written.
The current event ID definitions map to the current state of the threat:
- 10 indicates that the chain criteria have not been met.
- 11 indicates that the chain criteria have been met to the level of a partial attack.
- 12 indicates that the chain criteria have been fully met.
Partial attack detected
When a partial attack is detected, the following event is written:
Event ID: 11
Level: Warning
A partial Indicator of Attack was detected (Category: <<Attack Type>>) based on the following events: <<Relevant Attribute Changes>>
Partial attack escalates to full attack
When a partial attack escalates to a full attack, the following event is written:
Event ID: 12
Level: Error
A partial Indicator of Attack has escalated (Category: <<Attack Type>>) based on the following events: <<Relevant Attribute Changes>>
Partial attack cleared
When a partial attack is cleared, the following event is written:
Event ID: 10
Level: Information
A partial Indicator of Attack has been cleared (Category: <<Attack Type>>).
Full attack
When a threat chain goes from clear to detecting a full attack, the following event is written:
Event ID: 12
Level: Error
An Indicator of Attack was detected (Category: <<Attack Type>>) based on the following events: <<Relevant Attribute Changes>>
Full attack reduced to partial attack
When a full attack is reduced to a partial attack, the following event is written:
Event ID: 11
Level: Warning
An Indicator of Attack has been reduced (Category: <<Attack Type>>) based on the following events: <<Relevant Attribute Changes>>
Full attack cleared
When a full attack is cleared, the following event is written:
Event ID: 10
Level: Information
An Indicator of Attack has been cleared (Category: <<Attack Type>>).
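Each of the six IoA messages above implies both the state a threat chain left and the state it entered, so a collector can rebuild per-category state and notice when an event is missing from the log. The following Python is an added example, not Dell code; the function names, category names and sample events are constructed for illustration.

```python
import re

STATE_BY_ID = {10: "clear", 11: "partial", 12: "full"}
# Message wording -> (state before, state after), from the six messages on this page.
TRANSITIONS = {
    ("A partial", "was detected"): ("clear", "partial"),
    ("A partial", "has escalated"): ("partial", "full"),
    ("A partial", "has been cleared"): ("partial", "clear"),
    ("An", "was detected"): ("clear", "full"),
    ("An", "has been reduced"): ("full", "partial"),
    ("An", "has been cleared"): ("full", "clear"),
}
PATTERN = re.compile(
    r"(A partial|An) Indicator of Attack "
    r"(was detected|has escalated|has been reduced|has been cleared) "
    r"\(Category: ([^)]+)\)")

def parse_ioa(event_id, message):
    """Return the category and the state change implied by one IoA event."""
    m = PATTERN.match(message.strip())
    if not m or (m.group(1), m.group(2)) not in TRANSITIONS:
        raise ValueError("not a listed IoA message")
    before, after = TRANSITIONS[(m.group(1), m.group(2))]
    if STATE_BY_ID.get(event_id) != after:
        raise ValueError(f"event ID {event_id} does not fit state {after!r}")
    return {"category": m.group(3), "before": before, "after": after}

def replay(events):
    """Replay (event_id, message) pairs in log order; return (state per category, gaps)."""
    state, gaps = {}, []
    for event_id, message in events:
        t = parse_ioa(event_id, message)
        tracked = state.get(t["category"])
        if tracked is not None and tracked != t["before"]:
            gaps.append((t["category"], tracked, t["before"]))  # an event is missing
        state[t["category"]] = t["after"]
    return state, gaps

# Constructed events; the category names are placeholders, not real IoA categories.
TAIL = " based on the following events: (constructed attribute changes)"
EVENTS = [
    (11, "A partial Indicator of Attack was detected (Category: ExampleA)" + TAIL),
    (12, "A partial Indicator of Attack has escalated (Category: ExampleA)" + TAIL),
    (12, "An Indicator of Attack was detected (Category: ExampleB)" + TAIL),
    (10, "An Indicator of Attack has been cleared (Category: ExampleB)."),
    (10, "A partial Indicator of Attack has been cleared (Category: ExampleA)."),
]
```

In the sample, the last event says a partial attack was cleared while the tracked state for that category is full, so `replay` reports a gap: the intervening Event ID 11 ("has been reduced") never reached the collector.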
ME Verification
ME Verification handles the ME verification process. If ME Verification completes and succeeds, an information-level entry describing the result is written to the Dell application event log. If ME Verification processing cannot complete for any reason, an error-level (or warning-level) entry describing the failure is written to both the Windows System event log and the Dell application event log:
- An entry written to the Windows System event log has a source named Dell Trusted Device | Intel ME Verification.
- An entry written to the Dell application event log has a source named Trusted Device | Intel ME Verification.
Events
The ME Verification plugin generates the following events.
The current event ID definitions map to the logging level:
- 18 indicates an information-type entry.
- 19 indicates a warning-type entry.
- 20 indicates an error-type entry.
Verification succeeded
ME Verification succeeded and has a Pass evaluation.
Event ID: 18
Level: Information
Dell Trusted Device has completed an Intel ME Verification scan of the system with service tag G1CCLQ2 at 4/28/2021 2:56:08 PM. Result: PASSED
Verification failed
ME Verification failed and has a Fail evaluation.
Event ID: 20
Level: Error
Dell Trusted Device has completed an Intel ME Verification scan of the system with service tag G1CCLQ2 at 4/28/2021 2:56:08 PM. Result: FAILED
Driver error
ME Verification failed and has a driver error.
Event ID: 20
Level: Error
Dell Trusted Device has completed an Intel ME Verification scan of the system with service tag G1CCLQ2 at 4/28/2021 2:56:08 PM. Result:Error. A driver error has occurred
Network connection error
ME Verification failed and has a network connection error.
Event ID: 20
Level: Error
Dell Trusted Device has completed an Intel ME Verification scan of the system with service tag G1CCLQ2 at 4/28/2021 2:56:08 PM. Result:Error. A network connection error occurred
Platform not supported
ME Verification failed and has a platform unsupported error.
Event ID: 20
Level: Error
Dell Trusted Device has completed an Intel ME Verification scan of the system with service tag G1CCLQ2 at 4/28/2021 2:56:08 PM. Result:Error. Platform not currently supported
Internal server error
Event ID: 20
Level: Error
Dell Trusted Device has completed an Intel ME Verification scan of the system with service tag G1CCLQ2 at 4/28/2021 2:56:08 PM. Result:Error. An internal error occurred within the server
Tampering detected
ME Verification failed and has a tampering detected error.
Event ID: 20
Level: Error
Dell Trusted Device has completed an Intel ME Verification scan of the system with service tag G1CCLQ2 at 4/28/2021 2:56:08 PM. Result:Error. Tampering has been detected
Unknown error
ME Verification failed and has an unknown error.
Event ID: 20
Level: Error
Dell Trusted Device has completed an Intel ME Verification scan of the system with service tag G1CCLQ2 at 4/28/2021 2:56:08 PM. Result:Error. An unknown error has occurred
Invalid parameter
ME Verification issues a warning about an invalid parameter.
Event ID: 19
Level: Warning
Dell Trusted Device has completed an Intel ME Verification scan of the system with service tag G1CCLQ2 at 4/28/2021 2:56:08 PM. Result:Warning. The parameter is invalid
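In both the BIOS Verification and ME Verification sections, a tampering result and an operational error (driver, network, unsupported platform) are logged at Level: Error, and for ME they share Event ID 20, so alerting on ID or level alone cannot separate them. The following Python is an added example, not Dell code: it classifies the failure messages listed on this page into verified, failed, tampered or not_verified and rejects an event whose ID does not fit its text. The verdict labels, function name and samples are assumptions.

```python
import re

BIOS_INTEGRITY = {1: "failed", 2: "tampered"}   # codes logged under Event ID 4
BIOS_INCOMPLETE = {3, 6, 8, 9, 11, 13}          # codes logged under Event ID 2
# ME Result keyword -> (expected event ID, verdict); "Error" is refined below.
ME_KIND = {"PASSED": (18, "verified"), "FAILED": (20, "failed"),
           "Warning": (19, "not_verified"), "Error": (20, "not_verified")}
ME_RE = re.compile(r"Intel ME Verification scan.*?Result:\s*"
                   r"(PASSED|FAILED|Error|Warning)\.?\s*(.*)", re.S)

def classify(event_id, message):
    """Return (component, verdict); raise ValueError if ID and text disagree."""
    bios = re.search(r"BIOS Verification\s*:\s*(\d+)", message)
    me = ME_RE.search(message)
    if bios:
        component, code = "BIOS", int(bios.group(1))
        if code in BIOS_INTEGRITY:
            expected_id, verdict = 4, BIOS_INTEGRITY[code]
        elif code in BIOS_INCOMPLETE:
            expected_id, verdict = 2, "not_verified"
        else:
            raise ValueError(f"BIOS result code {code} is not listed on the page")
    elif me:
        component = "ME"
        expected_id, verdict = ME_KIND[me.group(1)]
        # Tampering shares Event ID 20 and Level Error with operational errors.
        if me.group(1) == "Error" and "tampering" in me.group(2).lower():
            verdict = "tampered"
    else:
        raise ValueError("not a BIOS or ME Verification message")
    if event_id != expected_id:
        raise ValueError(f"{component} event ID {event_id} does not fit the message")
    return component, verdict

# Constructed samples assembled from the message texts on this page.
ME_PREFIX = ("Dell Trusted Device has completed an Intel ME Verification scan of the "
             "system with service tag xxxxxxx at 4/28/2021 2:56:08 PM. ")
SAMPLES = [
    (4, "BIOS Verification : 2 (Tampered Result)"),
    (2, "BIOS Verification : 13 (Network Connectivity Error) See log file for more information"),
    (20, ME_PREFIX + "Result:Error. Tampering has been detected"),
    (20, ME_PREFIX + "Result:Error. A network connection error occurred"),
    (18, ME_PREFIX + "Result: PASSED"),
]
```

A not_verified verdict means the check did not complete, so the device has no current verification result rather than a passing one.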
BIOS attributes used in IoAs
- The screenshots are examples and may not directly reflect the exact BIOS attribute for a particular platform.
- This table changes as additional IoAs are created.
| IoAs | BIOS screenshot |
|---|---|
| Secure Boot | (screenshot) |
| Attempt LegacyBoot | (screenshot) |
| Boot List | (screenshot) |
| UEFIBootPathSecurity | (screenshot) |
| AutoOSThresholdRecovery | (screenshot) |
| AllowBiosDowngrade | (screenshot) |
| CapsuleFirmwareUpdate | (screenshot) |
| BiosAutoRecovery | (screenshot) |
| TPMActivation | (screenshot) |
| TPM | (screenshot) |
| TPMClear | (screenshot) |
| TPMPpiClearOverride | (screenshot) |
| Auto On | (screenshot) |
| WakeOnLan | (screenshot) |
| RemoteWipeInternalDrives | (screenshot) |
| USBWake | (screenshot) |
| WakeOnDock | (screenshot) |
| TPMRemoteActivation | TBD |
| AdminPwMinLen | (screenshot) |
| PwdMinLen | TBD |
| StrongPassword | (screenshot) |
| Admin Setup Lockout | (screenshot) |
| BIOSAdminPwd | TBD |
| ClearBIOSLog | TBD |
| ClearPowerLog | TBD |
| Clear ThermalLog | TBD |
| Clear Chassis Intrusion Warning | (screenshot) |
| Clear DellRMTLog | TBD |
| Chassis Intrusion Reporting | (screenshot) |
| Chassis Intrusion | Not available |
| Microphone | (screenshot) |
To contact support, use the Dell Data Security international support phone numbers.
Go to TechDirect to create a technical support request online.
For additional insights and resources, join the Dell Security Community forum.