T430s - Win10 - Intel ME / AMT not deactivated after all?
Posted: Thu May 23, 2024 6:38 am
Hello Thinkpadders
Since I am not going to use this, I have completely, meaning permanently deactivated the Intel ME / AMT in the BIOS - also because there are certain security concerns about this, which have been reported on various occasions.
But now Win10 Pro shows a PCI device in the device manager that has not been installed, see screenshot, with the hardware IDs as follows:
- PCI\VEN_8086&DEV_1E3A&SUBSYS_21FB17AA&REV_04
- PCI\VEN_8086&DEV_1E3A&SUBSYS_21FB17AA
- PCI\VEN_8086&DEV_1E3A&CC_078000
- PCI\VEN_8086&DEV_1E3A&CC_0780
Questions
(1) Is it 100 percent certain that the Intel Management Engine (IME), the Intel Active Management Technology (AMT), or all so-called subsystems and all their relevant components are actually completely deactivated and could not be used externally under any circumstances (possibly improperly) in any way or for any purpose?
(2) Are these subsystems virtually destroyed by the BIOS intervention, or could they be reactivated by software, e.g. by a new BIOS intervention, i.e. a BIOS update or similar?
(3) If the BIOS shows that the Intel ME and AMT have been permanently deactivated ... how can it be that Windows still sees these devices?
Hope to get a good answer as even Lenovo themselves are very aware of its potential security and/or privacy implications.
Greetings, Norb
[Ran search on this topic, but couldn't find anything - but feel free to put it to another section if it better fits there]