May 27th, 2025 02:18

Dell Trusted Device won't clear IoA warning.

Dell 7010, Indicators of Attack warning. I solved all issues found in Windows logs days ago. No new Indicators of Attack. But every reboot shows the same old Indicators of Attack from days ago. So I tried deleting all log entries about Dell Trusted Device, but after rebooting they are back in the log. There are no new log entries for errors or warnings. Dell Trusted Device continues to show Indicators of Attack. Where else can I look for the problem?

May 30th, 2025 13:04

I did a complete OS reinstall using the SupportAssist OS Recovery in the BIOS menu. I selected delete all files and apps. I installed all Dell updates and the Dell Trusted Device. But partial IoA indicators were still active.

Then I did a fresh Windows 11 install from a USB with an image downloaded from Microsoft. I installed only Trusted Device. Now the IoA indicators are cleared. I think when Dell is in control of reinstalling the OS it retains the Trusted Device data from the old installation. Using the MS image solved the problem but I did not find the reason for the cause of the IoA.

May 27th, 2025 10:29

  <Private data removed from public view. DELL-Admin>

Three days ago I disabled these settings.
PLDM_UsbWake enabled
PLDM_CapsuleFirmwareUpdate enabled

Are these warnings supposed to be cleared before the Partial Indicators of Attack is cleared?

Strangely these are enabled by the Default and Factory BIOS setting.

From Application and Service Logs > Dell Trusted Device:

Information
BIOS Verification : 0 (Success)
------------------
Information
Dell Trusted Device has completed an Intel ME Verification scan of the system at 05/27/2025 08:21 AM.
         
Result: PASSED
------------------
Information
A partial Indicator of Attack has been cleared (Category: Remote Attack).
------------------
Warning
A partial Indicator of Attack was detected (Category: Remote Attack) based on the following events:
	PLDM_UsbWake enabled, 5/24/2025 4:28:22
	PLDM_CapsuleFirmwareUpdate enabled, 5/24/2025 23:16:26
------------------
Information
An Indicator of Attack has been cleared (Category: Chassis Intrusion).
------------------
Error
An Indicator of Attack was detected (Category: Chassis Intrusion) based on the following events:
	PLDM_ChasIntrusion disabled, 5/24/2025 23:16:26
------------------
Information
An Indicator of Attack has been cleared (Category: Chassis Intrusion).
------------------
Error
An Indicator of Attack was detected (Category: Chassis Intrusion) based on the following events:
	ChassisIntrusionSensorState tripped, 5/24/2025 4:18:56
------------------
Error
An Indicator of Attack was detected (Category: BIOS Log Tampering) based on the following events:
	ChassisIntrusionSensorState reset, 5/25/2025 0:04:20
------------------
Information
An Indicator of Attack has been cleared (Category: Authentication Tampering).
------------------
Error
An Indicator of Attack was detected (Category: Authentication Tampering) based on the following events:
	PLDM_StrongPassword disabled, 5/24/2025 4:28:22
------------------
Information
Dell Trusted Device has completed a Common Vulnerabilities and Exposures (CVE) scan of the system at 05/27/2025 08:21 AM.

Result: SUCCESS

BIOS Dell Security Advisory Count: 0
------------------
Warning
Dell Trusted Device has completed a Secured Component Verification scan of the system at 05/27/2025 08:21 AM.
         
Result: ERROR. Platform not currently supported
------------------
Information
BIOS Verification : 0 (Success)
------------------
Information
Dell Trusted Device has completed an Intel ME Verification scan of the system at 05/27/2025 08:17 AM.
         
Result: PASSED
------------------
Information
A partial Indicator of Attack has been cleared (Category: Remote Attack).
------------------
Warning
A partial Indicator of Attack was detected (Category: Remote Attack) based on the following events:
	PLDM_UsbWake enabled, 5/24/2025 4:28:22
	PLDM_CapsuleFirmwareUpdate enabled, 5/24/2025 23:16:26
------------------
Information
An Indicator of Attack has been cleared (Category: Chassis Intrusion).
------------------
Error
An Indicator of Attack was detected (Category: Chassis Intrusion) based on the following events:
	PLDM_ChasIntrusion disabled, 5/24/2025 23:16:26
------------------
Information
An Indicator of Attack has been cleared (Category: Chassis Intrusion).
------------------
Error
An Indicator of Attack was detected (Category: Chassis Intrusion) based on the following events:
	ChassisIntrusionSensorState tripped, 5/24/2025 4:18:56
------------------
Error
An Indicator of Attack was detected (Category: BIOS Log Tampering) based on the following events:
	ChassisIntrusionSensorState reset, 5/25/2025 0:04:20
------------------
Information
An Indicator of Attack has been cleared (Category: Authentication Tampering).
------------------
Error
An Indicator of Attack was detected (Category: Authentication Tampering) based on the following events:
	PLDM_StrongPassword disabled, 5/24/2025 4:28:22
------------------
Information
Dell Trusted Device has completed a Common Vulnerabilities and Exposures (CVE) scan of the system at 05/27/2025 08:17 AM.

Result: SUCCESS

BIOS Dell Security Advisory Count: 0
------------------
Warning
Dell Trusted Device has completed a Secured Component Verification scan of the system at 05/27/2025 08:17 AM.
         
Result: ERROR. Platform not currently supported

(edited)
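An added triage example, not part of the original posts and not Dell's own tooling: it replays a text export shaped like the log quoted above and reports which IoA categories have a "detected" entry with no later "cleared" entry. The sample is constructed from a subset of the quoted entries; the function name `open_indicators` and the assumption that the export lists the newest entry first (as Event Viewer does by default) are this example's own.

```python
import re

# Constructed sample: a subset of the entries quoted in the post, newest first.
SAMPLE = """\
Information
BIOS Verification : 0 (Success)
------------------
Information
An Indicator of Attack has been cleared (Category: Chassis Intrusion).
------------------
Error
An Indicator of Attack was detected (Category: Chassis Intrusion) based on the following events:
    ChassisIntrusionSensorState tripped, 5/24/2025 4:18:56
------------------
Error
An Indicator of Attack was detected (Category: BIOS Log Tampering) based on the following events:
    ChassisIntrusionSensorState reset, 5/25/2025 0:04:20
------------------
Information
An Indicator of Attack has been cleared (Category: Authentication Tampering).
------------------
Error
An Indicator of Attack was detected (Category: Authentication Tampering) based on the following events:
    PLDM_StrongPassword disabled, 5/24/2025 4:28:22
"""

# Matches both "An Indicator of Attack ..." and "A partial Indicator of Attack ..."
IOA = re.compile(r"Indicator of Attack (was detected|has been cleared) \(Category: ([^)]+)\)")

def open_indicators(text, newest_first=True):
    """Return {category: [trigger events]} for IoAs detected but not cleared afterwards."""
    entries = [e.strip() for e in re.split(r"^-{5,}[ \t]*$", text, flags=re.M) if e.strip()]
    if newest_first:
        entries.reverse()  # replay oldest -> newest (assumed export order)
    state = {}
    for entry in entries:
        m = IOA.search(entry)
        if not m:
            continue  # scan results, BIOS verification and other non-IoA entries
        action, category = m.groups()
        if action == "has been cleared":
            state.pop(category, None)
            continue
        lines = entry.splitlines()
        start = next(i for i, l in enumerate(lines) if IOA.search(l)) + 1
        state[category] = [l.strip() for l in lines[start:] if l.strip()]
    return state

if __name__ == "__main__":
    print(open_indicators(SAMPLE))
```

On the constructed sample, BIOS Log Tampering is the only category left open; replaying the same text with `newest_first=False` leaves every category open, so the export order has to be known before trusting the result.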
