White Papers

Results, Troubleshooting, and Remediation
This chapter details reviewing results, troubleshooting, and remediating a corrupt or tampered BIOS image.
Results
After running the BIOS Verification agent, results are written to C:\ProgramData\Dell\TrustedDevice\, the %ERRORLEVEL%
environment, the Event Viewer, and the registry.
%PROGRAMDATA%
The Trusted Device agent writes logs and JSON formatted results to C:\ProgramData\Dell\TrustedDevice\.
%ERRORLEVEL% Environment
The Trusted Device agent writes pass/fail results to the %ERRORLEVEL% environment. After running the agent, administrators
can query %ERRORLEVEL% to return the status of specific devices. The %ERRORLEVEL% return value can be compared
against the list of error codes in the table below.
Event Viewer
The Dell Trusted Device agent writes a new notification to the Event Viewer each run and at regular intervals. Find BIOS
Verification and Image Capture notifications in Event Viewer at:
Location
Source Type
Windows Logs > System Dell Trusted Device | BIOS Verification
Application and Service Logs >
Dell
Trusted Device | BIOS Verification
Find BIOS Events & Indicator of Attack notifications in Event Viewer at:
Location
Source Type
Windows Logs > System Dell Trusted Device | BIOS Events and
IoA
Application and Service Logs >
Dell
Trusted Device | BIOS Events and IoA
Find Security Risk Protection Score notifications in Event Viewer at:
Location
Source Type
Application and Service Logs >
Dell
Trusted Device | Security Assessment
Details pertaining to the events are listed in the General tab of Event Viewer. The following tables detail the BIOS Verification,
BIOS Events & Indicators of Attack, and Security Risk Protection Score in Event Viewer.
12
Results, Troubleshooting, and Remediation 27