White Papers
Results, Troubleshooting, and Remediation
This chapter details reviewing results, troubleshooting, and remediating a corrupt or tampered BIOS image.
Results
After running the BIOS Verification agent, results are written to C:\ProgramData\Dell\TrustedDevice\, the %ERRORLEVEL%
environment, the Event Viewer, and the registry.
%PROGRAMDATA%
The Trusted Device agent writes logs and JSON formatted results to C:\ProgramData\Dell\TrustedDevice\.
%ERRORLEVEL% Environment
The Trusted Device agent writes pass/fail results to the %ERRORLEVEL% environment. After running the agent, administrators can
query %ERRORLEVEL% to return the status of specific devices. The %ERRORLEVEL% return value can be compared against the list of
error codes in the table below.
Event Viewer
The Dell Trusted Device agent writes a new notification to the Event Viewer each run and at regular intervals. Find BIOS Verification and
Image Capture notifications in Event Viewer under Application and Service Logs > Dell with Source type BiosVerification. Find BIOS
Events & Indicator of Attack notifications in Event Viewer under Windows Logs > System with Source type Trusted Device. Details
pertaining to the events are listed in the General tab of Event Viewer. The following tables detail the BIOS Verification and BIOS Events &
Indicators of Attack in Event Viewer.
BIOS Verification
Action
Level
Event ID Task Category
Verification Passed Warning
3 1
Verification Failed Error
2 1
Image Captured Warning
1 2
Duplicate Image Capture Warning
2 2
No Image Found Informational
3 2
BIOS Events & Indicators of Attack
Action
Level
Event ID Task Category
Partial Indicator of Attack Warning
1001 1
Indicator of Attack Error
1002 1
9
20 Results, Troubleshooting, and Remediation