We want to hear your Intel Threat Detection Technology experience!

[TomasP 316]

Dear ESET Forum Users, we'd love to hear your success stories!

Can you share a positive quote about your experience with Intel Threat Detection Technology (TDT) in combination with ESET Endpoint solutions? How do you feel about this cooperation helping you thwart ransomware attacks?

Responses may be published in joint ESET and Intel marketing materials.

[itman 1,659]

My own opinion here is Eset should commission SE Labs to perform ransomware testing as CloudStrike did: https://selabs.uk/reports/enterprise-advanced-security-ransomware-crowdstrike-2022-oct/ .

[adulwahab 0]

My experience with Intel Threat Detection Technology (Intel TDT) has been great. It saved my computer from a ransomware attack by quickly detecting and quarantining the malicious file. I highly recommend Intel TDT for computer protection.

[AnthonyQ 48]

Tbh, I haven't seen and tested this feature in action because Intel TDT was rarely triggered by the ransomware samples I tested.

@adulwahab , would you be so kind as to share the hash of the sample that was detected by Intel TDT?

[itman 1,659]

On 9/21/2023 at 7:09 AM, AnthonyQ said:

Tbh, I haven't seen and tested this feature in action because Intel TDT was rarely triggered by the ransomware samples I tested.

I am going to use this comment as a "lead in" to separate "the fact vs. fiction" in regards to Intel TDT protection.

I found an article that covers this subject in regards to ransomware protection that skips the technobabble usually associated with it. Below are the key excerpts from the article;

Quote

Intel has introduced its 13th Generation Core processor line, which the company claims is the first to build threat detection into hardware. In combination with endpoint detection and response (EDR) platforms from Intel partners, the new vPro processors promise a 70% reduction in attack surface compared to four-year-old PCs. Windows 11 systems can also take advantage of vPro’s memory encryption to provide better virtualization-based security.

In tests conducted by SE Labs and commissioned by Intel, the vPro platform had 93% efficacy at detecting top ransomware attacks, a 24% improvement over software alone. Other tests conducted by IDC showed that vPro’s virtualization security could result in a 26% decline in “major” security breaches and 21% fewer impactful security events while improving security team efficiency by 17%.

Intel TDT and EDR

Antivirus and EDR solutions providers might run Intel’s models with the default configuration. More advanced vendors can add indicators from their own research to the ML inference configuration. Intel will deliver updates to partner vendors as new threats emerge.

EDR providers with Intel TDT-enabled solutions include Crowdstrike, Microsoft, Trend Micro, Eset, Acronis, and Check Point. EDR solutions that are not Intel TDT-enabled should work as before with the new vPro systems but without the extra boost. “It’s always faster and more productive to do things in hardware than to try and simulate the same thing with software. With AI, that’s even more so,” says Gold. “AI-accelerated threat detection is a major advance over just looking at code and trying to see if it’s bad, as many antimalware solutions do. AI looks at the behavior and makes a judgment on the risk involved. That’s a major improvement over signature-based solutions.”

Similarly, Intel TDT-enabled EDR solutions will run normally on non-vPro 13th-generation systems. “If the app sees a component (in this case vPro), it can leverage that component. If the component isn’t there, it still works but perhaps not as fast or as effectively,” says Gold.

https://www.csoonline.com/article/574867/security-at-the-core-of-intel-s-new-vpro-platform.html

Let's summarize;

1. Maximum Intel TDT protection is had on the vPro processor line with the greatest protection had on the 13th generation processor line running on Win 11. Of note is the 13th generation processors are the only ones which have TDT protection built within the processor circuitry.

2. In regards to how effective AV solutions that currently interface with Intel TDT vPro processor line are, please refer to this test; also referred to above, performed by SE Labs: https://selabs.uk/reports/enterprise-advanced-security-ransomware-intel-threat-detection-technology-2023-02/ . Of note are the following test results;

a). The vast majority of ransomware protection is had by Intel TDT protection.

b). AV software interfacing with Intel TDT protection added marginal detection capability; in the 3 - 5% range.

3. As far as how effective Intel TDT protection against ransomware is in older non-vPro processors with or without AV software interface is highlighted in bold red above. In other words, it is unknown.

In regards to point 3.) until I see any definitive AV lab testing of these AV solutions using older non-vPro processors against ransomware, I consider that protection to be vaporware.

Edited September 22, 2023 by itman

[SeriousHoax 83]

On 9/21/2023 at 11:25 AM, adulwahab said:

My experience with Intel Threat Detection Technology (Intel TDT) has been great. It saved my computer from a ransomware attack by quickly detecting and quarantining the malicious file. I highly recommend Intel TDT for computer protection.

 

On 9/21/2023 at 5:09 PM, AnthonyQ said:

Tbh, I haven't seen and tested this feature in action because Intel TDT was rarely triggered by the ransomware samples I tested.

@adulwahab , would you be so kind as to share the hash of the sample that was detected by Intel TDT?

I'm 100% certain that this @adulwahabis a fake account aka bot that was created just to post a positive comment on this thread. It has to be either from ESET or Intel. The ChatGPT like writing style, the picture and the fact that it was the first and only post from that account so far is a clear giveaway. If you do an image search, you'll find this image on a random Indian website. It's also not hard (for me at least) to guess this person's religion just by looking at the photo which doesn't match with the name. 

Really poor and unnecessary marketing attempt. 

Regarding my Intel TDT experience, "I'm an AMD user". 

[itman 1,659]

49 minutes ago, SeriousHoax said:

If you do an image search, you'll find this image on a random Indian website

Two recent postings on the Kaspersky forum; also from yesterday;

https://forum.kaspersky.com/topic/can-not-login-to-kaspersky-security-center-web-console-13-33006/?do=findComment&comment=145660

https://forum.kaspersky.com/topic/does-kaspersky-anti-ransomware-tool-require-access-to-internet-for-it-to-function-35980/?do=findComment&comment=145657

Here's one from 2016 where the photo was probably hijacked from: https://wajraoforce.in/wajra/50-kb-photo/

 

Edited September 22, 2023 by itman

[SeriousHoax 83]

31 minutes ago, itman said:

Two recent postings on the Kaspersky forum; also from yesterday;

https://forum.kaspersky.com/topic/can-not-login-to-kaspersky-security-center-web-console-13-33006/?do=findComment&comment=145660

https://forum.kaspersky.com/topic/does-kaspersky-anti-ransomware-tool-require-access-to-internet-for-it-to-function-35980/?do=findComment&comment=145657

Here's one from 2016 where the photo was probably hijacked from: https://wajraoforce.in/wajra/50-kb-photo/

 

My assumption is somewhat wrong then probably. Maybe a troll or a random geek using new persona on security forums. 

Admins/Mods can delete my comments if required since it's a feedback thread. 

Edited September 22, 2023 by SeriousHoax

[itman 1,659]

Since the question of AMD processor use has come up, the above linked SE Labs test article has answered how effective was EDR software on that processor. It was 73%. Note that the report does not state what vendor EDR software; or all that interface with Intel vPro processors, was used in the test. However, it does illuminate the fact that base ransomware protections within these EDR solutions is no where as effective as claimed.

Edited September 22, 2023 by itman