What is Intel Active Management Technology Profile Synchronization

Some preface info from communities.intel.com's "More information on the Wireless Profile Sync feature in Intel® AMT 6":

Intel® AMT firmware versions 6.0 and higher include the Wireless Profile Synchronization feature. This feature synchronizes the wireless profile set in the OS with the wireless profile set in the Intel® ME. This feature requires Intel® ProSet. When the user sets changes the wireless profile in the OS, Intel® ProSet will prompt the user to change the Intel® ME wireless profile to match the OS wireless profile.

Unless there is a scenario where it matters that this wireless connection information be backed up to an Intel location, I'd tell the application not to sync.

However, if this is a work laptop, ask your local IT staff. They may use AMT and may need that information to be synchronized. Or they may not use AMT (it comes on many systems using Intel hardware by default now) and this synchronization may be an unnecessary and potentially problematic security hole.

The issue is that with the sync there is information about the system going out to an uncontrolled location. So there are the following possible options:

  1. This is a personal computer and his only one, in which case why sync? In point of fact, the Intel wireless manager is needlessly complex for 99% of users.

  2. This is a personal computer and he has several similar units. If he wants to learn about AMT and manage his computers using it, great. Allow the sync and have fun. The work necessary to use AMT is pretty high. Intel has made the API available but really doesn't have systems that manage the toolset itself and is more making it available to third-third parties to integrate the capabilities into their own systems. The work necessary to simply add the profile to his other computers if necessary would be much less than the work necessary to set up and manage an AMT-based system's management scheme.

  3. This is a work computer and the IT dept doesn't use AMT for system's management, in which case this is sending information to an uncontrolled and unapproved third party. Even in an open and flexible environment this isn't a wise idea. It's easy enough to change the rule later to allow the sync if local IT decides to move this way.

  4. This is a work computer and the IT dept does use AMT for system's management, in which case they probably should have configured this exception to the local firewall application anyways.

TL;DR

Based on his question my first guess is that this is a personal computer. He's running a personal firewall application that is asking if AMT should be allowed to communicate with the outside world. In which case the answer is up to him.

However, it is very possible it's a business laptop and his local IT really should be providing an answer as to whether or not AMT ought to be allowed to sync.

Update: Disabling AMT

To disable AMT, you can simply remove the start up entries for it the program. This tutorial from Intel will show you how: https://web.archive.org/web/20151128223525/http://software.intel.com/en-us/blogs/2008/10/12/more-configurations-disabling-of-the-intel-amt-icon-part-4-in-the-intel-amt-software-series/

I do not recommend attempting to uninstall the software. There is a device and drive included in the install and the OS will start prompting for a driver for the then unrecognized device. So leave the software installed and just disable the start up entries as described in the link above.


Consider the MIGR-74274 registry patch from Lenovo:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Wireless\AT6]
"iAMTe"=dword:00000023

I have found this entry in the registry (the original value was a hexadecimal 3).
In the process of testing the patch.