Intel Managment Engine: cut off internet access? - Overclock.net - An Overclocking Community
Forum Jump: 

Intel Managment Engine: cut off internet access?

Reply
 
Thread Tools
post #1 of 17 (permalink) Old 05-19-2020, 02:00 PM - Thread Starter
New to Overclock.net
 
8051's Avatar
 
Join Date: Apr 2014
Posts: 3,502
Rep: 30 (Unique: 21)
Intel Managment Engine: cut off internet access?

Would disabling and disconnecting a motherboard's on-board ethernet and using a USB-C to ethernet adapter effectively prevent the Intel Management Engine from connecting to the internet autonomously? Is there anyway to remove/disable the on-board WiFi (I've read that at least on my Asrock z390 Taichi it's some sort of M2 card)?
8051 is offline  
Sponsored Links
Advertisement
 
post #2 of 17 (permalink) Old 05-19-2020, 03:18 PM
New to Overclock.net
 
Cloudforever's Avatar
 
Join Date: Sep 2010
Location: Kentucky
Posts: 1,288
Rep: 60 (Unique: 46)
Quote: Originally Posted by 8051 View Post
Would disabling and disconnecting a motherboard's on-board ethernet and using a USB-C to ethernet adapter effectively prevent the Intel Management Engine from connecting to the internet autonomously? Is there anyway to remove/disable the on-board WiFi (I've read that at least on my Asrock z390 Taichi it's some sort of M2 card)?


why are you trying to go around and using a USB -C ? that doesnt make sense.

yeah, go into Network and Sharing center and disable your LAN and WLAN.

Go under (copy and paste this into your File Explorer ' Control Panel\Network and Internet\Network Connections ' right click on what you are trying to disable and disable. easy peasy.

Cloudforever is offline  
post #3 of 17 (permalink) Old 05-19-2020, 03:23 PM
Food Editor
 
skupples's Avatar
 
Join Date: Apr 2012
Location: Bradentucky
Posts: 24,512
Rep: 719 (Unique: 378)
he wants to disable intel's filter on EVERYTHING going out of the nic/wifi

as for disabling onboard wifi... there should be an option in the bios. that's your best & lowest level option.

Add me on Steam, same name
R.I.P. Zawarudo, may you OC angels' wings in heaven.
If something appears too good to be true, it probably is.
Best R0ach Quote of all time : TLDR: Haswell might be the last legit gaming platform unless mice get their own non-USB interface on some newer architecture.
skupples is offline  
Sponsored Links
Advertisement
 
post #4 of 17 (permalink) Old 05-19-2020, 04:01 PM
9 Cans of Ravioli
 
The Pook's Avatar
 
Join Date: May 2006
Posts: 18,433
Rep: 1390 (Unique: 720)
the M.2 Wifi card is under the I/O cover, look at your motherboard where the antennas plug into.



it's the same on the Z390 boards.

but why are you trying to disable IME by disabling WiFi? IME kicks in as soon as the board has power, it's on before the system even posts. it's what is stops non-K SKUs from booting above ~103 BCLK but lets K CPUs boot at >200. its functionality could care less about having access to the internet.

if you're set on disabling it then here you go but I have a feeling whatever you're trying to accomplish is being approached wrong, lol.

Intel i9 9900K Coffee Lake @ X8 5309mhz (+47.5%)
AMD FX-8320 Vishera @ X4 5022mhz (+43.5%)
Intel i5 4690K Haswell @ X4 5013mhz (+43.2%)
AMD X4 960T Zosma @ X6 4870mhz (+62.3%)
Intel i7 6700 Skylake @ X4 4709mhz (+38.5%)
Intel i5 6400 Skylake @ X4 4588mhz (+69.9%)
2 OP pls nerf
(24 items)
NUC U
(10 items)
CPU
i9 9900K
Motherboard
AsRock Z390 Taichi
GPU
MSI GTX 1080 Ti
RAM
G.Skill DDR4 4133 32GB
Hard Drive
XPG SX8200 Pro NVMe 2TB
Hard Drive
HP EX950 NVMe 2TB
Hard Drive
2x Samsung 860 1TB RAID 0
Hard Drive
Toshiba X300 5TB
Hard Drive
Western Digital EZRZ 3TB
Power Supply
Seasonic Focus Plus Gold 750w
Cooling
Corsair H115i Pro
Cooling
Raijintek Morpheus II
Case
Fractal Design Meshify S2
Operating System
Windows 10 Education x64
Monitor
Acer XF270HU 27" 1440p
Monitor
LG 24UD58 24" 4K
Keyboard
CoolerMaster MK730 (MX Blue)
Mouse
Glorious Model D
Mousepad
X-Ray 27" x 14"
Audio
Klipsch PowerGate + Schiit Hel
Audio
Micca RB42
Audio
Philips Fidelio X2
Audio
Philips SHP9500S
Audio
Audio Technica ATH-M50X
CPU
i3 8109U
Motherboard
Intel NUC8i3BEH
GPU
Iris Plus 655
RAM
Kingston DDR4 2400 16GB
Hard Drive
Mushkin Pilot NVMe 1TB
Hard Drive
SanDisk Ultra II 480GB
Operating System
Windows 10 Professional
Operating System
MX Linux
Keyboard
Dierya DK63-BT 60% (Outemu Blue)
Mouse
Logitech G603 Wireless
CPU
i7 860
Motherboard
Gigabyte GA-H55N ITX
GPU
EVGA GTX 950 2GB
RAM
G.Skill DDR3-2133 8GB
Hard Drive
Dierya 120GB SSD
Hard Drive
Seagate Momentus 2.5" 500GB
Power Supply
Silverstone SFX-L Gold 500w
Cooling
Arctic Alpine 11 GT 2
Case
Silverstone Milo Z ML07B
Operating System
Windows XP x86 SP3
Keyboard
CoolerMaster MasterKeys Pro S (Browns)
Mouse
Logitech M512
▲ hide details ▲



Last edited by The Pook; 05-19-2020 at 04:09 PM.
The Pook is online now  
post #5 of 17 (permalink) Old 05-19-2020, 04:17 PM
Overclocker
 
JackCY's Avatar
 
Join Date: Jun 2014
Posts: 10,819
Rep: 358 (Unique: 255)
On some models I think it's possible to rip the whole thing out but it's more of a DIY hackery if that IME bothers you so much that a router filter is not enough for networking purposes.
JackCY is offline  
post #6 of 17 (permalink) Old 05-19-2020, 04:30 PM - Thread Starter
New to Overclock.net
 
8051's Avatar
 
Join Date: Apr 2014
Posts: 3,502
Rep: 30 (Unique: 21)
You can't block Intel's Management Engine -- it works as long as the board has power and can initiate it's own TCP/IP connections, but what the f*ck for is what I want to know and why Intel is completely and deliberately mum about it (as well as why it can't be disabled). Why does it need to have the ability to phone home autonomously? And to whom? It's the perfect back door because nothing in the OS can stop it, it's out-of-band management. It can negotiate TCP/IP connections all on its own -- regardless of whether the OS is running or not.

I figure a USB-to-ethernet adapter without OS drivers is something the Intel Management Engine can't utilize.
8051 is offline  
post #7 of 17 (permalink) Old 05-19-2020, 04:32 PM - Thread Starter
New to Overclock.net
 
8051's Avatar
 
Join Date: Apr 2014
Posts: 3,502
Rep: 30 (Unique: 21)
Quote: Originally Posted by JackCY View Post
On some models I think it's possible to rip the whole thing out but it's more of a DIY hackery if that IME bothers you so much that a router filter is not enough for networking purposes.
How can you filter your own computer? It uses the exact same ethernet ports built into your computer -- along w/the exact, same MAC addresses.
8051 is offline  
post #8 of 17 (permalink) Old 05-19-2020, 04:36 PM
OCN is bad civilization
 
Melan's Avatar
 
Join Date: Feb 2015
Location: 0,0
Posts: 3,377
Rep: 116 (Unique: 87)
You could just delete* IME from BIOS altogether. Win-raid is your friend.

*Remove or disable IME firmware in boot ROM depending on generation.

Last edited by Melan; 05-19-2020 at 05:19 PM. Reason: Clarification
Melan is offline  
post #9 of 17 (permalink) Old 05-19-2020, 04:39 PM
Graphics Junkie
 
UltraMega's Avatar
 
Join Date: Feb 2017
Location: USA
Posts: 1,957
Rep: 54 (Unique: 49)
Quote: Originally Posted by 8051 View Post
You can't block Intel's Management Engine -- it works as long as the board has power and can initiate it's own TCP/IP connections, but what the f*ck for is what I want to know and why Intel is completely and deliberately mum about it (as well as why it can't be disabled). Why does it need to have the ability to phone home autonomously? And to whom? It's the perfect back door because nothing in the OS can stop it, it's out-of-band management. It can negotiate TCP/IP connections all on its own -- regardless of whether the OS is running or not.

I figure a USB-to-ethernet adapter without OS drivers is something the Intel Management Engine can't utilize.
Intel IME is kinda like a BIOS. It has some basic info that help the CPU work how it's supposed to as well as security properties. I believe it can access the internet because it can update itself, but not too sure. I do know it's nothing to worry about and has been around forever.

https://www.howtogeek.com/334013/int...side-your-cpu/

4K Rig
(7 items)
CPU
Intel 7700k @4.2ghz
GPU
Zotec 1080 Ti
RAM
16GB 3200mhz DDR4
Hard Drive
250GB nvme + 500GB SSD + 4TB HDD
Monitor
Samsung 4K 65 inch TV
Monitor
Pixio PX276 27inch 144Hz 1ms 1440p
Audio
Sound Blaster z
▲ hide details ▲
UltraMega is offline  
post #10 of 17 (permalink) Old 05-19-2020, 04:42 PM
Food Editor
 
skupples's Avatar
 
Join Date: Apr 2012
Location: Bradentucky
Posts: 24,512
Rep: 719 (Unique: 378)
even better! just rip the damn mobile chip right outta the board (glad they still aren't soldering them in)

seriously though... pretty sure pre-azure SCCM used to be able to take advantage of IME/AMT to communicate with out of band devices. so if its an obscure security concern, he's not the only one.

Add me on Steam, same name
R.I.P. Zawarudo, may you OC angels' wings in heaven.
If something appears too good to be true, it probably is.
Best R0ach Quote of all time : TLDR: Haswell might be the last legit gaming platform unless mice get their own non-USB interface on some newer architecture.

Last edited by skupples; 05-19-2020 at 04:48 PM.
skupples is offline  
Reply

Quick Reply
Message:
Options

Register Now

In order to be able to post messages on the Overclock.net - An Overclocking Community forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.
User Name:
If you do not want to register, fill this field only and the name will be used as user name for your post.
Password
Please enter a password for your user account. Note that passwords are case-sensitive.
Password:
Confirm Password:
Email Address
Please enter a valid email address for yourself.
Email Address:

Log-in



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page


Forum Jump: 

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off