What Windows events are associated with the security score results
Summary: This article provides examples of the Windows event log entries that Dell Trusted Device writes after completing a security assessment.
Instructions
Affected products:
- Dell Trusted Device
Affected platforms:
- OptiPlex
- Latitude
- Precision workstations
- XPS
Table of contents:
Windows events associated with the security score results
Windows event details
The following sections show sample Windows event log entries for:
- Security score
- BIOS verification
- Indicators of Attack
- ME verification
Security score
The security score plug-in generates an event each time the security score assessment is refreshed. Security score assessment events written to the Dell application event log have a source named "Trusted Device | Security Assessment".
Events
The following are examples of the events generated for a security score assessment.
Result: Passed (example)

```text
Event ID: 13
Level: Informational
Dell Trusted Device has completed a security scan of the system with service tag xxxxxxx at 9/28/2020 2:56:08 PM.
Result: PASSED
Score: 100
Risk Areas Scanned: (Passed: 7, Warning: 0, Fail: 0)
- Antivirus solution detected and enabled: PASS
- BIOS Admin Password set: PASS
- BIOS Verification: PASS
- Disk Encryption: PASS
- Firewall solution detected and enabled: PASS
- Indicators of Attack detected: PASS
- TPM enabled: PASS
```

Result: Passed, with warnings (example)

```text
Event ID: 14
Level: Warning
Dell Trusted Device has completed a security scan of the system with service tag xxxxxxx at 9/28/2020 2:56:08 PM.
Result: PASSED, with warnings
Score: 100
Risk Areas Scanned: (Passed: 6, Warning: 1, Fail: 0)
- Antivirus solution detected and enabled: PASS
- BIOS Admin Password set: PASS
- BIOS Verification: PASS
- Disk Encryption: WARNING
- Firewall solution detected and enabled: PASS
- Indicators of Attack detected: PASS
- TPM enabled: PASS
```

Result: Failed (example)

```text
Event ID: 15
Level: Error
Dell Trusted Device has completed a security scan of the system with service tag xxxxxxx at 9/28/2020 5:05:22 PM.
Result: FAILED
Score: 71
Risk Areas Scanned: (Passed: 4, Warning: 1, Fail: 2)
- Antivirus solution detected and enabled: PASS
- BIOS Admin Password set: PASS
- BIOS Verification: PASS
- Disk Encryption: WARNING
- Firewall solution detected and enabled: PASS
- Indicators of Attack detected: FAIL
- TPM enabled: FAIL
```
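The three security score messages above share one layout (result, score, summary counts, then one line per risk area), which makes them straightforward to turn into structured fields for a SIEM. The parser below is an added example, not Dell's code; it works only on the message text, and its sample input is a constructed copy of the article's "Result: FAILED" event.

```python
import re
from dataclasses import dataclass, field

# Constructed copy of this article's "Result: FAILED" security score event
# (the service tag and timestamp are the article's own placeholder values).
SAMPLE_EVENT = (
    "Dell Trusted Device has completed a security scan of the system with "
    "service tag xxxxxxx at 9/28/2020 5:05:22 PM. Result: FAILED Score: 71 "
    "Risk Areas Scanned: (Passed: 4, Warning: 1, Fail: 2) "
    "- Antivirus solution detected and enabled: PASS - BIOS Admin Password set: PASS "
    "- BIOS Verification: PASS - Disk Encryption: WARNING - Firewall solution detected "
    "and enabled: PASS - Indicators of Attack detected: FAIL - TPM enabled: FAIL"
)

HEAD_RE = re.compile(
    r"service tag (\S+) at .*?\. Result: (.+?) Score: (\d+) "
    r"Risk Areas Scanned: \(Passed: (\d+), Warning: (\d+), Fail: (\d+)\)")
AREA_RE = re.compile(r"- ([^:]+): (PASS|WARNING|FAIL)\b")

@dataclass
class SecurityScoreEvent:
    service_tag: str
    result: str          # PASSED / PASSED, with warnings / FAILED
    score: int
    counts: dict         # summary totals (Passed / Warning / Fail) from the message
    areas: dict = field(default_factory=dict)   # risk area -> PASS / WARNING / FAIL

def parse_security_score(message: str) -> SecurityScoreEvent:
    """Parse the message body of a security score event into structured fields."""
    head = HEAD_RE.search(message)
    if not head:
        raise ValueError("not a Dell Trusted Device security score message")
    tag, result, score, passed, warn, fail = head.groups()
    areas = {name.strip(): status for name, status in AREA_RE.findall(message)}
    counts = {"Passed": int(passed), "Warning": int(warn), "Fail": int(fail)}
    return SecurityScoreEvent(tag, result, int(score), counts, areas)

def counts_consistent(ev: SecurityScoreEvent) -> bool:
    """Cross-check the summary totals against the per-area lines; a mismatch
    usually means the message was truncated or mangled by a log forwarder."""
    tally = {"Passed": 0, "Warning": 0, "Fail": 0}
    for status in ev.areas.values():
        tally[{"PASS": "Passed", "WARNING": "Warning", "FAIL": "Fail"}[status]] += 1
    return tally == ev.counts

def areas_to_triage(ev: SecurityScoreEvent) -> list:
    """Risk areas that did not pass, FAIL first, then WARNING, in message order."""
    rank = {"FAIL": 0, "WARNING": 1}
    return sorted((a for a, s in ev.areas.items() if s != "PASS"),
                  key=lambda a: rank[ev.areas[a]])
```

The consistency check is worth keeping in a collector pipeline: the summary counts and the per-area list are redundant, so disagreement between them is a reliable sign of a truncated message rather than a real finding.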
BIOS verification
If BIOS verification completes successfully, an Information-level entry describing the result is written to the Dell application event log. If the BIOS verification process cannot complete for any reason, an Error-level (or Warning-level) entry describing the failure is written to the Windows System event log. Entries written to the Windows System event log have a source named "Dell Trusted Device | Intel BIOS Verification".
Events
Event ID 4 indicates the following error types:
Verification failed
BIOS verification failed with a Fail evaluation.

```text
Event ID: 4
Level: Error
BIOS Verification : 1 (Failed Result)
[Displays the complete Json Payload.]
```

Tampering detected
BIOS verification failed with a tampering detected error.

```text
Event ID: 4
Level: Error
BIOS Verification : 2 (Tampered Result)
[Displays the complete Json Payload.]
```

Event ID 2 indicates the following error types:
Driver error
BIOS verification failed with a driver error.

```text
Event ID: 2
Level: Error
BIOS Verification : 8 (Driver Error). See log file for more information
```

Network connection error
BIOS verification failed with a network connection error.

```text
Event ID: 2
Level: Error
BIOS Verification : 13 (Network Connectivity Error) See log file for more information
```

Unsupported platform
BIOS verification failed with a platform unsupported error.

```text
Event ID: 2
Level: Error
BIOS Verification : 11 (Platform Not Currently Supported) See log file for more information
```

Unknown error
BIOS verification failed with an unknown error.

```text
Event ID: 2
Level: Error
BIOS Verification : 3 (Unknown Error). See log file for more information
```

Internal server error
BIOS verification failed with an internal error.

```text
Event ID: 2
Level: Error
BIOS Verification : 6 (Internal Error). See log file for more information
```

Invalid BIOS data error
BIOS verification failed with an invalid BIOS data error.

```text
Event ID: 2
Level: Error
BIOS Verification : 9 (Invalid BIOS Data Error). See log file for more information
```
Indicators of Attack
Events generated by the Indicators of Attack (IoA) plug-in report state changes in the IoA threat chains.
- IoA events written to the Windows System event log have a source named "Dell Trusted Device | BIOS Events & IoA".
- IoA events written to the Dell application event log have a source named "Trusted Device | BIOS Events & IoA".
Events
The IoA plug-in generates the following events. Their content can vary slightly, for example the <<Attack Type>> and the <<Relevant Attribute Changes>>, depending on the threat chain involved. When the event is written, the variable content is replaced with the actual values.
The current event ID definitions are associated with the current state of the threat:
- 10 indicates that the chain criteria are not met.
- 11 indicates that the chain criteria are met to the level of a partial attack.
- 12 indicates that the chain criteria are fully met.
Partial attack detected
When a partial attack is detected, the following event is written:

```text
Event ID: 11
Level: Warning
A partial Indicator of Attack was detected (Category: <<Attack Type>>) based on the following events: <<Relevant Attribute Changes>>
```

Partial attack escalated to a full attack
When a partial attack escalates to a full attack, the following event is written:

```text
Event ID: 12
Level: Error
A partial Indicator of Attack has escalated (Category: <<Attack Type>>) based on the following events: <<Relevant Attribute Changes>>
```

Partial attack cleared
When a partial attack is cleared, the following event is written:

```text
Event ID: 10
Level: Information
A partial Indicator of Attack has been cleared (Category: <<Attack Type>>).
```

Full attack
When a threat chain goes from clear to detecting a full attack, the following event is written:

```text
Event ID: 12
Level: Error
An Indicator of Attack was detected (Category: <<Attack Type>>) based on the following events: <<Relevant Attribute Changes>>
```

Full attack reduced to a partial attack
When a full attack is reduced to a partial attack, the following event is written:

```text
Event ID: 11
Level: Warning
An Indicator of Attack has been reduced (Category: <<Attack Type>>) based on the following events: <<Relevant Attribute Changes>>
```

Full attack cleared
When a full attack is cleared, the following event is written:

```text
Event ID: 10
Level: Information
An Indicator of Attack has been cleared (Category: <<Attack Type>>).
```
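Because the IoA event ID alone encodes the chain's current state (10 clear, 11 partial, 12 full), a collector can track each category as a small state machine and alert on the transitions that matter rather than on every message. The replay function below is an added example, not Dell's code; the category names and attribute-change text in its sample log are placeholders filled into the article's message templates.

```python
import re
from collections import defaultdict

# IoA event IDs as this article documents them: each one states the chain's current status.
IOA_STATE = {10: "clear", 11: "partial", 12: "full"}

def parse_category(message: str) -> str:
    """Extract the attack category from the '(Category: ...)' clause of an IoA message."""
    match = re.search(r"\(Category: ([^)]+)\)", message)
    if not match:
        raise ValueError("no Category clause in IoA message")
    return match.group(1)

def replay_ioa_events(events):
    """Replay (event_id, message) pairs in log order. Returns the final state per
    category and the categories that reached a full attack (ID 12) from a lower
    state, which is the transition a responder most wants an alert on. The state
    comes from the event ID alone; the message only supplies the category."""
    state = defaultdict(lambda: "clear")        # every chain starts clear
    escalations = []
    for event_id, message in events:
        if event_id not in IOA_STATE:
            continue                            # not an IoA state event
        category = parse_category(message)
        new_state = IOA_STATE[event_id]
        if new_state == "full" and state[category] != "full":
            escalations.append(category)
        state[category] = new_state
    return dict(state), escalations

# Constructed log built from the article's message templates. The category names
# and attribute-change text are placeholders, not output captured from a real system.
SAMPLE_IOA_LOG = [
    (11, "A partial Indicator of Attack was detected (Category: Boot Tampering) "
         "based on the following events: Attempt LegacyBoot changed"),
    (12, "A partial Indicator of Attack has escalated (Category: Boot Tampering) "
         "based on the following events: Secure Boot changed"),
    (12, "An Indicator of Attack was detected (Category: TPM Tampering) "
         "based on the following events: TPMClear changed"),
    (11, "An Indicator of Attack has been reduced (Category: TPM Tampering) "
         "based on the following events: TPMClear changed"),
    (10, "A partial Indicator of Attack has been cleared (Category: Boot Tampering)."),
]
```

Keying the state on the category matters because both the "escalated" and the "detected" messages carry Event ID 12; a chain that was already full and is reported full again is a repeat, not a new escalation.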
ME verification
ME verification handles the Intel ME verification process. If ME verification completes successfully, an Information-level entry describing the result is written to the Dell application event log. If the ME verification process cannot complete for any reason, an Error-level (or Warning-level) entry describing the failure is written to both the Windows System event log and the Dell application event log:
- Entries written to the Windows System event log have a source named "Dell Trusted Device | Intel ME Verification".
- Entries written to the Dell application event log have a source named "Trusted Device | Intel ME Verification".
Events
The ME verification plug-in generates the following events:
The current event ID definitions are associated with the log entry level:
- 18 indicates an Information entry.
- 19 indicates a Warning entry.
- 20 indicates an Error entry.
Verification succeeded
ME verification succeeded with a Pass evaluation.

```text
Event ID: 18
Level: Information
Dell Trusted Device has completed an Intel ME Verification scan of the system with service tag G1CCLQ2 at 4/28/2021 2:56:08 PM.
Result: PASSED
```

Verification failed
ME verification failed with a Fail evaluation.

```text
Event ID: 20
Level: Error
Dell Trusted Device has completed an Intel ME Verification scan of the system with service tag G1CCLQ2 at 4/28/2021 2:56:08 PM.
Result: FAILED
```

Driver error
ME verification failed with a driver error.

```text
Event ID: 20
Level: Error
Dell Trusted Device has completed an Intel ME Verification scan of the system with service tag G1CCLQ2 at 4/28/2021 2:56:08 PM.
Result:Error. A driver error has occurred
```

Network connection error
ME verification failed with a network connection error.

```text
Event ID: 20
Level: Error
Dell Trusted Device has completed an Intel ME Verification scan of the system with service tag G1CCLQ2 at 4/28/2021 2:56:08 PM.
Result:Error. A network connection error occurred
```

Unsupported platform
ME verification failed with a platform unsupported error.

```text
Event ID: 20
Level: Error
Dell Trusted Device has completed an Intel ME Verification scan of the system with service tag G1CCLQ2 at 4/28/2021 2:56:08 PM.
Result:Error. Platform not currently supported
```

Internal server error
ME verification failed with an internal server error.

```text
Event ID: 20
Level: Error
Dell Trusted Device has completed an Intel ME Verification scan of the system with service tag G1CCLQ2 at 4/28/2021 2:56:08 PM.
Result:Error. An internal error occurred within the server
```

Tampering detected
ME verification failed with a tampering detected error.

```text
Event ID: 20
Level: Error
Dell Trusted Device has completed an Intel ME Verification scan of the system with service tag G1CCLQ2 at 4/28/2021 2:56:08 PM.
Result:Error. Tampering has been detected
```

Unknown error
ME verification failed with an unknown error.

```text
Event ID: 20
Level: Error
Dell Trusted Device has completed an Intel ME Verification scan of the system with service tag G1CCLQ2 at 4/28/2021 2:56:08 PM.
Result:Error. An unknown error has occurred
```

Invalid parameter
ME verification issues a warning about an invalid parameter.

```text
Event ID: 19
Level: Warning
Dell Trusted Device has completed an Intel ME Verification scan of the system with service tag G1CCLQ2 at 4/28/2021 2:56:08 PM.
Result:Warning. The parameter is invalid
```
BIOS attributes used in IoAs
- The screenshots are examples and may not directly reflect the exact BIOS attributes of a specific platform.
- This table is dynamic, since additional IoAs are created over time.

| IoA | BIOS screenshot |
|---|---|
| Secure Boot | (screenshot) |
| Attempt LegacyBoot | (screenshot) |
| Boot List | (screenshot) |
| UEFIBootPathSecurity | (screenshot) |
| AutoOSThresholdRecovery | (screenshot) |
| Allow BIOS Downgrade | (screenshot) |
| CapsuleFirmwareUpdate | (screenshot) |
| BIOS Auto Recovery | (screenshot) |
| TPMActivation | (screenshot) |
| TPM | (screenshot) |
| TPMClear | (screenshot) |
| TPMPpiClearOverride | (screenshot) |
| Auto On | (screenshot) |
| WakeOnLAN | (screenshot) |
| RemoteWipeInternalDrives | (screenshot) |
| USBWake | (screenshot) |
| Wake On Dock | (screenshot) |
| TPMRemoteActivation | TBD |
| AdminPwMinLen | (screenshot) |
| PwdMinLen | TBD |
| StrongPassword | (screenshot) |
| AdminSetupLockout | (screenshot) |
| BIOSAdminPwd | TBD |
| ClearBIOSLog | TBD |
| ClearPowerLog | TBD |
| Clear Thermal Log | TBD |
| Clear Chassis Intrusion Warning | (screenshot) |
| Clear DellRMTLog | TBD |
| Chassis Intrusion Detection Report | (screenshot) |
| Chassis Intrusion Detection | N/A |
| Microphone | (screenshot) |

To contact support, see the Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.