What is Intel Security Assist?

I'm installing Windows 10 and removing bloatware.

What does Intel Security Assist do, and why is it installed? Also, (how) does it relate to the IME, and is it reasonable to believe that it provides/facilitates the provision of back-doors into the OS. (After nearly a year, I've still been unable to find any meaningful information about it in Google)

Update - This question has been viewed over 26000 times, and is one of the first results when looking for but no meaningful answer, so I'm adding a bounty.

Old Update - There have been some answers below confirming its part of the IME platform, but this does explain what the benefits / utility of the program is (particularly to the user).


Intel Security Assist (ISA) is part of Intel Active Management Technology (AMT) defined as :

Intel Active Management Technology (AMT) is hardware and firmware technology for remote out-of-band management of personal computers, in order to monitor, maintain, update, upgrade, and repair them.
...
Intel AMT includes hardware-based remote management, security, power management, and remote configuration features that enable independent remote access to AMT-enabled PCs.

According to some reports, ISA connects once a week to Intel servers and passes on some unknown information.

It is not an essential service. On the Dell computer on which I'm writing this answer, ISA was not even installed for Windows 10, although Intel(R) Management and Security Applications are indeed installed.

AMT and ISA are suspected of using a hardware component which is baked into all post-2006 Intel boards and which can be used to remotely control the computer. This hardware component is enabled or not when the motherboard is manufactured and an access key is baked into it via a certificate. Its presence and possible access are at the discretion of the manufacturer, but I would guess that it would normally not be enabled for consumer-grade motherboards, being more enterprise-oriented.

AMT was intended to give enterprise IT managers greater control over the machines on their network, which it did in a big way. Starting with AMT 6.0, it includes KVM Remote Control to give IT administrators complete access to the keyboard, video, and mouse of a target client. In AMT 7.0, Intel makes it possible to use a 3G cellular signal to send a remote kill command for deactivating a stolen computer.

However, it is not AMT but ISA which is the subject here.
To answer the questions raised by davidgo :

What it does

Nobody really knows, but it probably passes some statistics to Intel. It is unknown (but possible) whether it can accept commands from Intel for active interference, but no such reports exist.

Why it is installed by Microsoft by Default

It is not installed by Microsoft by default. It might be pre-installed by the manufacturer of the computer, and this might possibly indicate that AMT is activated in the hardware.

What security implications it has

Probably none. It is not ISA which can serve as an attack vector, but rather AMT. There are many reports from users who disabled or uninstalled ISA with no ill effects, so it seems rather harmless.

As further information, the Intel Management Engine is activated in a compatible PC’s BIOS, which gains one access to several BIOS functions, but not before a password is set:

AMT image 1

Within these same BIOS screens, you can perform several different low-level AMT-related configuration tasks, mostly related to when AMT is activated as a function of the current computer power-level. If your BIOS has no Intel ME entries, then probably AMT was not enabled by the motherboard manufacturer.

If you would like to disable the hardware component of AMT, the GitHub project me_cleaner might help, but there is already a chance that it is disabled. I also quote this from the project, which I actually take as a warning against an unsuccessful hack:

Starting from Nehalem the Intel ME firmware can't be removed anymore: without a valid firmware the PC shuts off forcefully after 30 minutes. This project is an attempt to remove as much code as possible from such firmware without falling into the 30 minutes recovery mode.

Conclusion: ISA in my opinion is harmless. It can be blocked in the firewall or its system service can be disabled with no harmful effects. I would not advise on its uninstallation, because reinstalling it back might be difficult.

References :

  • MINIX — The most popular OS in the world, thanks to Intel
  • Intel vPro: Three Generations Of Remote Management
  • Intel's Management Engine is a security hazard, and users need a way to disable it
  • Researchers say Intel's Management Engine feature can be switched off
    (points to the me_cleaner project)

What does Intel Security Assist do

It is a service that is installed and enabled when Intel's Management Engine is installed. As for its specific purpose: given IME's strong ties to server-level hardware, and the lack of specific documentation on Intel's website, I suspect it has something to do with hardware-level anti-tampering detecting supported by the CPU itself.

why is it installed?

Intel Security Assist is simply a component of the Intel Management Engine which you happen to have installed.

The Intel Management Engine (Intel ME) refers to the hardware features that operate at the baseboard level, below the operating system. By enabling interaction with low-level hardware, Intel gives administrators the ability to perform tasks that previously required someone to be physically present at the desktop.

Intel vPro: Three Generations Of Remote Management

The Management Engine is connected to Intel Active Management Technology (AMT).

Intel Active Management Technology (AMT) is hardware and firmware technology for remote out-of-band management of personal computers, in order to monitor, maintain, update, upgrade, and repair them. Out-of-band (OOB) or hardware-based management is different from software-based (or in-band) management and software management agents.

Intel Active Management Technology.


Do not worry about any "Security Assist" or AMT or any other operating system component. You are screwed anyway.

From wikipedia article:

"Almost all AMT features are available even if the PC is in a powered-off state but with its power cord attached, if the operating system has crashed, if the software agent is missing"

Thus, the "Out-Of_Band" channel operates from Standby (always-on) voltage, and hidden network access is always on.

So, no matter if you remove any "malware" or other services from your OS, external "manager" can do almost anything it wants with your PC. Enjoy modern technology.