White Papers
BIOS Verification
Action Level
Event ID Task Category
Verification Passed Informational
9 1
Verification Failed Error
2 1
Image Captured Warning
1 2
Duplicate Image Capture Warning
2 2
No Image Found Informational
3 2
BIOS Events & Indicators of Attack
Action Level
Event ID Task Category
Indicator of Attack Cleared Informational
10 3
Partial Indicator of Attack Warning
11 3
Indicator of Attack Error
12 3
Security Risk Protection Score
Action
Level
Event ID Task Category
Pass Informational
13 4
Pass with warnings Warning
14 4
Fail Error
15 4
Registry
The Trusted Device agent's results are written to the registry each time the BIOS Verification agent is run. All BIOS Verification,
Image Capture, and BIOS Events & Indicators of Attack registry keys are located at HKLM\Software\Dell\TrustedDevice.
Off-host Verification
● This entry stores the pass and fail status of off-host verification in JSON format.
HKLM\Software\Dell\BiosVerification
Result.json
"biosVerification":"True"=Pass
"biosVerification":"False"=Fail
Image Capture
● This entry stores the location of the image store and is updated when the -updateimagestore parameter is used.
HKLM\Software\Dell\TrustedDevice
"ImagePathStore"=string
● Determine if an image was present on the last Image Capture run. This value will not exist if Image Capture has not run.
HKLM\Software\Dell\TrustedDevice
"ImagePresentOnLastRun"=DWORD
DWORD=1 - Image was present on last run.
28
Results, Troubleshooting, and Remediation