Meshcentral - Secure Intel AMT IDE-R Virus Scan

Meshcentral continues to lead the way in cloud-based security usages. Thanks to work from Jacob Gauthier, Meshcentral can now securely boot a trusted Linux operating system using Intel® AMT IDE-R and perform an AV scan of all attached disks on a remote system over the cloud. That is right, we have now extended the Intel AMT IDE redirect feature of Meshcentral so that you can use it to trigger a trusted remote AV scan. Why is this interesting?

In most cases, anti-virus software runs on the same operating system that is the target of viruses and malware. A better way to go is to boot a separate trusted operating system that then scans the drives. The operating system has to be sent over a trusted channel and use a set of tools that are downloaded and integrity checked. Today, we are announcing that we did just that. We use the Intel AMT IDE Redirect feature to remotely boot a trusted operating system. We then download ClamAV, an open source anti-virus package, which automatically runs on all attached drives. This new feature builds on top of the Meshcentral cloud IDE-R support we announced a few weeks ago. The trusted Linux operating system is built on-the-fly into a single-use ISO image that is then sent over the cloud to the target machine. Intel AMT is required to make all this work.

Jacob Gauthier built an innovative “package stuffing” system. Once the basic recovery OS is running, we want to try to limit IDE-R data transfer to boost boot speed. The recovery OS will check local disk storage or HTTP or IDE-R to get required application packages. The recovery OS checks the package hashes and pushes packages into local storage for future use. As a result, you always get the fastest possible boot speed over the cloud with the remote computer locally caching much of the data.

Check out our video demonstration and talk on this new feature:

    YouTube: Overview of Meshcentral support for IDE-R (6 minutes)

With this release, Meshcentral continues to blaze the path forward for innovative security usages. With just a few clicks, administrators can remotely run fully secure AV scans on machines. The Intel AMT IDE-R session works over CIRA or agent relay, making it easier than ever to perform an out-of-band AV scan over the cloud.

Questions and feedback appreciated,
Ylian Saint-Hilaire

In this YouTube video, Jacob Gauthier and I demonstrate and talk about
the Meshcentral Intel® AMT IDE-R feature and the new package stuffing system for accelerated boot.

Performing a trusted AV scan on a remote machine over the cloud has never been easier. With just a few
clicks you can remotely boot and launch the scan using a fully verified trusted recovery OS.

Meshcentral uses an innovative “package stuffing” system to keep the IDE-R session fast.
Usage packages like anti-virus and others are pulled from local disk, HTTP or IDE-R and hash checked.
If downloaded & validated, they are pushed back into local storage for future use.
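
The lookup order and hash check described in the two "package stuffing" passages above, as an added Python example (not Meshcentral's or the recovery OS's own code). It assumes the expected SHA-256 digests ship inside the trusted boot image; the function names, package name and in-memory sources are hypothetical, and the sample bytes are constructed.

```python
import hashlib
import os
import tempfile

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def fetch_package(name, expected_sha256, sources, cache_dir):
    """Return (data, origin). Tries the local cache, then each (label, fetch)
    source in order; only hash-verified bytes are returned or cached."""
    cache_path = os.path.join(cache_dir, name)
    if os.path.isfile(cache_path):
        with open(cache_path, "rb") as f:
            data = f.read()
        if sha256_hex(data) == expected_sha256:
            return data, "cache"
        os.remove(cache_path)  # the scanned disk is untrusted: drop a bad copy

    for label, fetch in sources:
        try:
            data = fetch(name)
        except OSError:
            continue  # source unavailable, fall through to the next one
        if data is None or sha256_hex(data) != expected_sha256:
            continue  # missing or tampered: never use it, never cache it
        # Write atomically so an interrupted boot cannot leave a partial file.
        fd, tmp = tempfile.mkstemp(dir=cache_dir)
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        os.replace(tmp, cache_path)
        return data, label
    raise RuntimeError(f"no source produced a valid copy of {name}")

def demo():
    # Constructed sample data: a fake package and two in-memory sources.
    good = b"constructed-clamav-package-bytes"
    digest = sha256_hex(good)  # assumption: digest ships in the trusted ISO
    sources = [
        ("http", lambda n: b"tampered" + good),  # fails the hash check
        ("ider", lambda n: good),                # slower redirected-media path
    ]
    with tempfile.TemporaryDirectory() as cache:
        first = fetch_package("clamav.pkg", digest, sources, cache)[1]
        second = fetch_package("clamav.pkg", digest, sources, cache)[1]
        # Corrupt the cached copy; it must be rejected and fetched again.
        with open(os.path.join(cache, "clamav.pkg"), "wb") as f:
            f.write(b"corrupted")
        third = fetch_package("clamav.pkg", digest, sources, cache)[1]
    return first, second, third
```

Because the cache lives on the disk being scanned, the cached copy is verified on every boot exactly like a fresh download.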
