Intel AMT Features > Access Monitor > Detailed Description > Comparison of Access Monitor Pre-8.0 and Release 8.0

Comparison of Access Monitor Pre-8.0 and Release 8.0

Starting with Release 8.0, the Auditor feature has been simplified and enabled by default with pre-defined security-related events.  Following is a comparison of activities and feature behaviors in pre-8.0 releases compared with Release 8.0.


Pre-8.0 Releases

Release 8.0

Auditor User definition

Single Auditor

Must be defined by administrator.

All administrators are implicit Auditors until an Auditor is explicitly defined.

Signing key material set

Prerequisite to enabling Audit Log feature.

Prerequisite to export audit log.

Event selection for logging

Each event must be selected for logging

All events in the following event groups are enabled by default:

     Security Admin Events (except Flash Wear-Out Counters Reset (ID=15) and Power Package Modified (ID=16) events)

     Remote Control Events

     Redirection Manager Events

     Firmware Update Manager Events

     Security Audit Log Events

     Network Time Events

     KVM Events

     User Opt-In Events

Audit events collection

Begins after defining both signing key material and an Auditor and then selecting events to monitor

Collection is enabled by default before configuration begins.


Unconfiguring is blocked if auditing is enabled.

The audit log is erased and all ACL entries are deleted, including the Auditor.

Unconfiguring is only blocked while an Auditor is defined in the system.

The audit log is not erased and the unprovisioning event is logged at the beginning of the unprovision flow.


Copyright © 2006-2022, Intel Corporation. All rights reserved.