TomasP (ESET Moderators), posted September 18, 2023:

Dear ESET Forum Users, we'd love to hear your success stories! Can you share a positive quote about your experience with Intel Threat Detection Technology (TDT) in combination with ESET Endpoint solutions? How do you feel about this cooperation helping you thwart ransomware attacks? Responses may be published in joint ESET and Intel marketing materials.

itman, posted September 18, 2023:

My own opinion here is Eset should commission SE Labs to perform ransomware testing as CrowdStrike did: https://selabs.uk/reports/enterprise-advanced-security-ransomware-crowdstrike-2022-oct/

adulwahab, posted September 21, 2023:

My experience with Intel Threat Detection Technology (Intel TDT) has been great. It saved my computer from a ransomware attack by quickly detecting and quarantining the malicious file. I highly recommend Intel TDT for computer protection.

AnthonyQ, posted September 21, 2023:

Tbh, I haven't seen and tested this feature in action because Intel TDT was rarely triggered by the ransomware samples I tested. @adulwahab, would you be so kind as to share the hash of the sample that was detected by Intel TDT?

itman, posted September 22, 2023 (edited September 22, 2023):

On 9/21/2023 at 7:09 AM, AnthonyQ said:
> Tbh, I haven't seen and tested this feature in action because Intel TDT was rarely triggered by the ransomware samples I tested.

I am going to use this comment as a "lead in" to separate "the fact vs. fiction" in regards to Intel TDT protection. I found an article that covers this subject in regards to ransomware protection that skips the technobabble usually associated with it. Below are the key excerpts from the article;

> Intel has introduced its 13th Generation Core processor line, which the company claims is the first to build threat detection into hardware. In combination with endpoint detection and response (EDR) platforms from Intel partners, the new vPro processors promise a 70% reduction in attack surface compared to four-year-old PCs. Windows 11 systems can also take advantage of vPro’s memory encryption to provide better virtualization-based security.
>
> In tests conducted by SE Labs and commissioned by Intel, the vPro platform had 93% efficacy at detecting top ransomware attacks, a 24% improvement over software alone. Other tests conducted by IDC showed that vPro’s virtualization security could result in a 26% decline in “major” security breaches and 21% fewer impactful security events while improving security team efficiency by 17%.
>
> Intel TDT and EDR
>
> Antivirus and EDR solutions providers might run Intel’s models with the default configuration. More advanced vendors can add indicators from their own research to the ML inference configuration. Intel will deliver updates to partner vendors as new threats emerge. EDR providers with Intel TDT-enabled solutions include Crowdstrike, Microsoft, Trend Micro, Eset, Acronis, and Check Point. EDR solutions that are not Intel TDT-enabled should work as before with the new vPro systems but without the extra boost.
>
> “It’s always faster and more productive to do things in hardware than to try and simulate the same thing with software. With AI, that’s even more so,” says Gold. “AI-accelerated threat detection is a major advance over just looking at code and trying to see if it’s bad, as many antimalware solutions do. AI looks at the behavior and makes a judgment on the risk involved. That’s a major improvement over signature-based solutions.”
>
> Similarly, Intel TDT-enabled EDR solutions will run normally on non-vPro 13th-generation systems. “If the app sees a component (in this case vPro), it can leverage that component. If the component isn’t there, it still works but perhaps not as fast or as effectively,” says Gold.
>
> https://www.csoonline.com/article/574867/security-at-the-core-of-intel-s-new-vpro-platform.html

Let's summarize;

1. Maximum Intel TDT protection is had on the vPro processor line with the greatest protection had on the 13th generation processor line running on Win 11. Of note is the 13th generation processors are the only ones which have TDT protection built within the processor circuitry.

2. In regards to how effective AV solutions that currently interface with Intel TDT vPro processor line are, please refer to this test; also referred to above, performed by SE Labs: https://selabs.uk/reports/enterprise-advanced-security-ransomware-intel-threat-detection-technology-2023-02/ . Of note are the following test results;

   a). The vast majority of ransomware protection is had by Intel TDT protection.

   b). AV software interfacing with Intel TDT protection added marginal detection capability; in the 3 - 5% range.

3. As far as how effective Intel TDT protection against ransomware is in older non-vPro processors with or without AV software interface is highlighted in bold red above. In other words, it is unknown.

In regards to point 3.), until I see any definitive AV lab testing of these AV solutions using older non-vPro processors against ransomware, I consider that protection to be vaporware.

SeriousHoax, posted September 22, 2023:

On 9/21/2023 at 11:25 AM, adulwahab said:
> My experience with Intel Threat Detection Technology (Intel TDT) has been great. It saved my computer from a ransomware attack by quickly detecting and quarantining the malicious file. I highly recommend Intel TDT for computer protection.

On 9/21/2023 at 5:09 PM, AnthonyQ said:
> Tbh, I haven't seen and tested this feature in action because Intel TDT was rarely triggered by the ransomware samples I tested. @adulwahab, would you be so kind as to share the hash of the sample that was detected by Intel TDT?

I'm 100% certain that this @adulwahab is a fake account aka bot that was created just to post a positive comment on this thread. It has to be either from ESET or Intel. The ChatGPT-like writing style, the picture and the fact that it was the first and only post from that account so far is a clear giveaway. If you do an image search, you'll find this image on a random Indian website. It's also not hard (for me at least) to guess this person's religion just by looking at the photo which doesn't match with the name. Really poor and unnecessary marketing attempt.

Regarding my Intel TDT experience, "I'm an AMD user".

itman, posted September 22, 2023 (edited September 22, 2023):

49 minutes ago, SeriousHoax said:
> If you do an image search, you'll find this image on a random Indian website

Two recent postings on the Kaspersky forum; also from yesterday;

https://forum.kaspersky.com/topic/can-not-login-to-kaspersky-security-center-web-console-13-33006/?do=findComment&comment=145660
https://forum.kaspersky.com/topic/does-kaspersky-anti-ransomware-tool-require-access-to-internet-for-it-to-function-35980/?do=findComment&comment=145657

Here's one from 2016 where the photo was probably hijacked from: https://wajraoforce.in/wajra/50-kb-photo/

SeriousHoax, posted September 22, 2023 (edited September 22, 2023):

31 minutes ago, itman said:
> Two recent postings on the Kaspersky forum; also from yesterday;
>
> https://forum.kaspersky.com/topic/can-not-login-to-kaspersky-security-center-web-console-13-33006/?do=findComment&comment=145660
> https://forum.kaspersky.com/topic/does-kaspersky-anti-ransomware-tool-require-access-to-internet-for-it-to-function-35980/?do=findComment&comment=145657
>
> Here's one from 2016 where the photo was probably hijacked from: https://wajraoforce.in/wajra/50-kb-photo/

My assumption is somewhat wrong then probably. Maybe a troll or a random geek using new persona on security forums. Admins/Mods can delete my comments if required since it's a feedback thread.

itman, posted September 22, 2023 (edited September 22, 2023):

Since the question of AMD processor use has come up, the above linked SE Labs test article has answered how effective was EDR software on that processor. It was 73%. Note that the report does not state what vendor EDR software; or all that interface with Intel vPro processors, was used in the test. However, it does illuminate the fact that base ransomware protections within these EDR solutions are nowhere as effective as claimed.

ESSPUSR, posted May 23:

I have never heard about TDT. What is it and how to use it? Does it support 12 Gen Intel CPUs? Just curious if it might be good for me?

itman, posted May 23 (edited May 23):

2 hours ago, ESSPUSR said:
> I have never heard about TDT. What is it and how to use it? Does it support 12 Gen Intel CPUs?

Refer to these articles:

https://www.intel.com/content/www/us/en/architecture-and-technology/vpro/hardware-shield/threat-detection-technology/detect-ransomware-solution-brief.html
https://www.eset.com/us/eset-and-intel-keep-smbs-safe/
https://support.eset.com/en/kb8336-intel-threat-detection-technology-tdt-supported-processors#Intel-TDT

The Eset supported processors article is dated and hasn't been updated to reflect all processors currently supported. If Eset supports your Intel processor, it will be shown as such in Advanced settings as noted here: https://forum.eset.com/topic/34256-intel-threat-detection-and-exploration-of-settings/?do=findComment&comment=158121

itman, posted May 23 (edited May 23):

As far as how effective Intel TDT is against ransomware by itself, or when deployed w/EDR security software, refer to this AV lab test: https://selabs.uk/reports/enterprise-advanced-security-ransomware-intel-threat-detection-technology-2023-02/ . The report introduction notes the lab test was performed on a device with a vPro compatible processor. Maximum malware protection is had with Intel vPro firmware, software, and supported processor. The problem is vPro systems cost $$$$.

ESSPUSR, posted May 23:

2 hours ago, itman said:
> Refer to these articles:
>
> https://www.intel.com/content/www/us/en/architecture-and-technology/vpro/hardware-shield/threat-detection-technology/detect-ransomware-solution-brief.html
> https://www.eset.com/us/eset-and-intel-keep-smbs-safe/
> https://support.eset.com/en/kb8336-intel-threat-detection-technology-tdt-supported-processors#Intel-TDT
>
> The Eset supported processors article is dated and hasn't been updated to reflect all processors currently supported. If Eset supports your Intel processor, it will be shown as such in Advanced settings as noted here: https://forum.eset.com/topic/34256-intel-threat-detection-and-exploration-of-settings/?do=findComment&comment=158121

Thanks. My CPU was supported as I could enable the feature.