EVGA Z790 motherboard outdated Intel ME firmware VULNERABLE! (p.2)
2023/12/06 12:11:29
ty_ger07
jason9755
ilukeberry
Hi,
 
Run this tool and check it: https://www.intel.com/content/www/us/en/download/19392/intel-converged-security-and-management-engine-version-detection-tool-intel-csmevdt.html





 
I don't use ME so I do not have the drivers/software installed but not sure if I'm still vulnerable?


Fixed image:

 
You need to embed the actual image, not a webpage where an image is embedded.
2023/12/07 05:45:16
texinga
I've run the "Detection Tool" and it results in the statement "This System is vulnerable". I'm no expert on this topic for sure and would like to know how we can protect our Systems in light of no BIOS updates from EVGA. Reading the Intel Support docs associated with the Vulnerabilities from this Detection Tool result, Intel is clearly stating that it is EVGA's responsibility to provide updated Firmware. Quote: "Contact your system or motherboard manufacturer regarding their plans for making the updates available to end users."
 
Seeing that EVGA is not providing us with any updated firmware, it would seem that we can (1) just take our chances or (2) dump these unsupported motherboards and buy something that is/will be supported.  Intel also lists all the Motherboard Companies that are providing Firmware updates and EVGA is not on that list. 
 
Purchasing the EVGA Z790 Classified (back in April of this year) was a mistake given their (perceived) abandonment of motherboard BIOS support.  I've been buying from EVGA for many years, but allegiance has its common-sense limits.  What I didn't think about (at the time of purchase) was that EVGA would totally abandon Z790 motherboard BIOS support so early while actively selling the product.  They could be liable for it in the future if any customers are actually harmed by lack of BIOS security updates.  Maybe the CEO needs to think about that potential problem that could follow him into the future.  EVGA made no statement about "buy at your own risk" or "no further BIOS updates will be released" to customers who were purchasing their Z790 series motherboards.
 
My 2-cents on this matter...
2023/12/07 06:48:59
mhijazi
Hello. I decided to replace my Z790 Dark KP. I will get MSI Z90 ACE Max instead. I have a used 900D case and a 1080 Ti lying around. I set it up for my younger son. It won't be a simple task since my Z790 Dark KP main rig is a custom loop. I am doing some updates on the loop so I thought of replacing the board while I'm at it.
2023/12/07 10:33:53
ilukeberry
Did anyone contact their support regarding this issue? :D or they will say: "update for ME firmware has been requested"
2023/12/07 11:56:47
B0baganoosh
Intel Management Engine is an embedded controller they put in the CPUs to add extra security to the chips. Here's their explanation:
 
 

The Intel® Management Engine is an embedded microcontroller (integrated on some Intel chipsets) running a lightweight microkernel operating system that provides a variety of features and services for Intel® processor–based computer systems.
What kind of features does Intel® Management Engine have?
Features include (but are not limited to):
  • Low-power, out-of-band (OOB) management services
  • Capability Licensing Service (CLS)
  • Anti-Theft Protection
  • Protected Audio Video Path (PAVP)
At system initialization, the Intel® Management Engine loads its code from system flash memory. This allows the Intel® Management Engine to be up before the main operating system is started. For run-time data storage, the Intel® Management Engine has access to a protected area of system memory (in addition to a small amount of on-chip cache memory for faster and more efficient processing).

A fundamental feature of the Intel® Management Engine is that its power states are independent of the host OS power states. This feature allows it to be up when the microprocessor and many other components of the system are in deeper sleep states. As a result, the Intel® Management Engine can be a fully functioning component as soon as power is applied to the system. This capability allows it to respond to OOB commands from the IT management console without having to wake up the rest of the system. Therefore, power consumption is reduced significantly.

 
For 99%+ of individual consumers, it is not needed and has no functional use. For IT professionals, it can add some benefits of theft prevention, license management, etc. It is something Intel has made for mostly business use and their tool that tells you if it's functional or "providing adequate protection" is going to tell you that you're not protected unless it's fully up to date and enabled. Whether that's important to you is your call. Just like "memory integrity" setting within Windows...you can enable it and make sure your CPU is less susceptible to exploits, but it also hinders performance (and functionality in some apps), so most gamers just disable it anyway.

That tool you're looking at is a closer example to antivirus software that tells you your system is not protected unless you buy their highest bloatware that they sell. Does it actually mean your computer is at risk? Probably not.
 
This is why there are plenty of people that just disable Intel ME anyway.
2023/12/08 05:29:01
texinga
Good discussion...there's always something new to learn.  Digging into the bowels of "ME" seems akin to "do I take the red pill or the blue pill"...
 
I looked through the BIOS settings on my Z790 Classified for something related to "Intel ME".  Under Advanced, PCH Configuration I saw a setting for "ME Function" (enabled or disabled).  The on-screen note for this setting says "When disabled ME will be put into ME Temporarily Disabled Mode".  So, if we set that to "disabled" are we simply disabling "Intel Active Management Technology (AMT)"?  From what I've read, you can't disable ME, but could choose whether you want AMT to be running.  For me as just a home user, disabling AMT seems like a thing to do since I'm not interested (or want) a Remote Management Tool running on my PC that is more suited for an IT organization's needs.
 
But, I'm not completely clear on exactly what I'm actually "disabling" in that BIOS setting for this 790 motherboard.  My guess would be that I'm disabling "AMT" (not ME).  But when I'm not sure about a BIOS setting, I tend to not change things unless I know the exact effect/result.
2023/12/08 08:46:01
Cool GTX
texinga
Good discussion...there's always something new to learn.  Digging into the bowels of "ME" seems akin to "do I take the red pill or the blue pill"...
 
I looked through the BIOS settings on my Z790 Classified for something related to "Intel ME".  Under Advanced, PCH Configuration I saw a setting for "ME Function" (enabled or disabled).  The on-screen note for this setting says "When disabled ME will be put into ME Temporarily Disabled Mode".  So, if we set that to "disabled" are we simply disabling "Intel Active Management Technology (AMT)"?  From what I've read, you can't disable ME, but could choose whether you want AMT to be running.  For me as just a home user, disabling AMT seems like a thing to do since I'm not interested (or want) a Remote Management Tool running on my PC that is more suited for an IT organization's needs.
 
But, I'm not completely clear on exactly what I'm actually "disabling" in that BIOS setting for this 790 motherboard.  My guess would be that I'm disabling "AMT" (not ME).  But when I'm not sure about a BIOS setting, I tend to not change things unless I know the exact effect/result.


Intel® Management Engine (Intel® ME)
2023/12/08 09:42:17
bill1024
texinga
Good discussion...there's always something new to learn.  Digging into the bowels of "ME" seems akin to "do I take the red pill or the blue pill"...
 
I looked through the BIOS settings on my Z790 Classified for something related to "Intel ME".  Under Advanced, PCH Configuration I saw a setting for "ME Function" (enabled or disabled).  The on-screen note for this setting says "When disabled ME will be put into ME Temporarily Disabled Mode".  So, if we set that to "disabled" are we simply disabling "Intel Active Management Technology (AMT)"?  From what I've read, you can't disable ME, but could choose whether you want AMT to be running.  For me as just a home user, disabling AMT seems like a thing to do since I'm not interested (or want) a Remote Management Tool running on my PC that is more suited for an IT organization's needs.
 
But, I'm not completely clear on exactly what I'm actually "disabling" in that BIOS setting for this 790 motherboard.  My guess would be that I'm disabling "AMT" (not ME).  But when I'm not sure about a BIOS setting, I tend to not change things unless I know the exact effect/result.


 
Tex!!!! Long time no see. Good to see you.  Happy holidays and a happy new year to you.
2023/12/09 05:49:54
texinga
Hey Bill...good to see that you are still on the Board.  I have fond memories of serving with a great EVGA Folding and Crunching Team.  Merry Christmas to you, God bless you and yours.
 
 
 
 
2023/12/10 02:32:46
Stardust_One
B0baganoosh
Intel Management Engine is an embedded controller they put in the CPUs to add extra security to the chips. Here's their explanation:
 
 

The Intel® Management Engine is an embedded microcontroller (integrated on some Intel chipsets) running a lightweight microkernel operating system that provides a variety of features and services for Intel® processor–based computer systems.
What kind of features does Intel® Management Engine have?
Features include (but are not limited to):
  • Low-power, out-of-band (OOB) management services
  • Capability Licensing Service (CLS)
  • Anti-Theft Protection
  • Protected Audio Video Path (PAVP)
At system initialization, the Intel® Management Engine loads its code from system flash memory. This allows the Intel® Management Engine to be up before the main operating system is started. For run-time data storage, the Intel® Management Engine has access to a protected area of system memory (in addition to a small amount of on-chip cache memory for faster and more efficient processing).

A fundamental feature of the Intel® Management Engine is that its power states are independent of the host OS power states. This feature allows it to be up when the microprocessor and many other components of the system are in deeper sleep states. As a result, the Intel® Management Engine can be a fully functioning component as soon as power is applied to the system. This capability allows it to respond to OOB commands from the IT management console without having to wake up the rest of the system. Therefore, power consumption is reduced significantly.

 
For 99%+ of individual consumers, it is not needed and has no functional use. For IT professionals, it can add some benefits of theft prevention, license management, etc. It is something Intel has made for mostly business use and their tool that tells you if it's functional or "providing adequate protection" is going to tell you that you're not protected unless it's fully up to date and enabled. Whether that's important to you is your call. Just like "memory integrity" setting within Windows...you can enable it and make sure your CPU is less susceptible to exploits, but it also hinders performance (and functionality in some apps), so most gamers just disable it anyway.

That tool you're looking at is a closer example to antivirus software that tells you your system is not protected unless you buy their highest bloatware that they sell. Does it actually mean your computer is at risk? Probably not.
 
This is why there are plenty of people that just disable Intel ME anyway.


 
Thank you, that's interesting. I only installed LAN, ME and WiFi on my Z690 Classified, next time I'll do the installation without ME. The less, the better.
