I recently set up a new SER6 and reviewed bloatware / spyware / malware prior to connecting to the internet. There were quite a few posts asking about spyware, and given its competitive price point, I was also a bit suspicious. I usually do a malware review before connecting any new device to the internet.
What I reviewed
- running processes and their signatures
- startup apps (Task Manager formerly msconfig)
- Installed Services
- Windows Features Enabled
- Partition Table Review (for malware)
- Local user accounts
- Confirm installed hardware components and brands met specifications.
- BIOS & Windows 11 Secure Boot, TPM & Enhanced Hardware Security settings (see Questionable)
tl;dr & verdict -- This Beelink is the cleanest Windows machine I've purchased (including Dell, HP, Alienware). Nothing installed would be considered bloatware, spyware or malware. A few installed options (see Questionable, below) were probably added for user-acceptance testing.
- running processes were signed by Microsoft, AMD or Realtek. No unsigned apps running
- Nearly all services had a description and came from Microsoft
- Startup Apps were published by Microsoft, AMD or Realtek. One exception (below)
- SSD utilization was good at 44GB (out of 1TB). Only 3 partitions were present: EFI, Recovery & C: partition
- Only the setup user account was enabled. 3 other accounts were set up by Windows and disabled (Administrator, DefaultAccount, WDAGUtilityAccount)
- SSD (Crucial), RAM (Crucial), CPU (AMD) & Network Adapters (Intel) all met specifications.
Questionable but OK
- Startup App "BurninTest_Autorun" -- not signed / no publisher. Seems to be part of PassMark
- Suspicious Microsoft Services -- All seem legitimate but were missing descriptions (a MS issue)
  - NPSMSvc_517fb -- Windows Media manager -- Now Playing service
  - WaaSMedicSvc -- WaaS Medic agent, represents the Windows Update medic service.
  - McpManagementService -- McpManagementService is a Windows service that is responsible for managing Universal Print Management in Office 365
- Unnecessary Windows Features -- Official & safe features that I later disabled
  - OpenSSH Server
  - .NET 3.5 Support
  - .NET Advanced Features / TCP Port Sharing
  - SMB Direct Memory
- TPM Attestation = "Unavailable" & Memory Integrity was disabled, which disabled "Enhanced Hardware Security"
  - I fixed this with (a) enable memory integrity (b) reset TPM using Windows
Bad but not Malicious
- Windows Developer Mode was Enabled

EDIT: I revised Developer mode to “bad” as it opens up novice users to attacks. I don’t believe this was done as a back door because nothing seemed to be exploiting it.
EDIT: Added more hardware and software reviews to the results.
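
A read-only PowerShell pass over most of the checks listed in the post, added here as an example and not the poster's own procedure. It assumes an elevated Windows PowerShell session on Windows 11; the `Show-Section` helper and the section titles are made up for this example, and the hardware-brand and BIOS checks are not covered.

```powershell
# Read-only first-boot audit; run from an elevated PowerShell prompt, offline.
function Show-Section($Title, $Rows) {   # hypothetical helper for this example
    Write-Host "`n== $Title =="
    if ($Rows) { $Rows | Format-Table -AutoSize -Wrap | Out-String | Write-Host }
    else { Write-Host '(none found)' }
}

# Running processes: signer and signature status of each distinct executable.
$procs = Get-Process | Where-Object Path | Sort-Object Path -Unique | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.Path
    [pscustomobject]@{ Path = $_.Path; Status = $sig.Status
                       Signer = $sig.SignerCertificate.Subject }
}
Show-Section 'Processes without a valid signature' ($procs | Where-Object Status -ne 'Valid')
Show-Section 'Process count per signer' ($procs | Group-Object Signer | Select-Object Count, Name)

# Startup entries (Run keys and Startup folders) and services with no description.
Show-Section 'Startup apps' (Get-CimInstance Win32_StartupCommand |
    Select-Object Name, Command, Location, User)
Show-Section 'Services missing a description' (Get-CimInstance Win32_Service |
    Where-Object { -not $_.Description } | Select-Object Name, DisplayName, State, PathName)

# Enabled optional features and installed capabilities (OpenSSH Server is a capability).
Show-Section 'Enabled Windows features' (Get-WindowsOptionalFeature -Online |
    Where-Object State -eq 'Enabled' | Select-Object FeatureName)
Show-Section 'Installed capabilities' (Get-WindowsCapability -Online |
    Where-Object State -eq 'Installed' | Select-Object Name)

# Partition layout and local accounts.
Show-Section 'Partitions' (Get-Partition |
    Select-Object DiskNumber, PartitionNumber, Type, DriveLetter, Size)
Show-Section 'Local accounts' (Get-LocalUser | Select-Object Name, Enabled, LastLogon)

# Secure Boot, TPM, Memory Integrity (HVCI) and Developer Mode.
$dg  = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
$dev = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock' `
    -ErrorAction SilentlyContinue
$tpm = Get-Tpm
Show-Section 'Platform security' ([pscustomobject]@{
    SecureBoot      = Confirm-SecureBootUEFI            # throws on non-UEFI firmware
    TpmPresent      = $tpm.TpmPresent
    TpmReady        = $tpm.TpmReady
    MemoryIntegrity = $dg.SecurityServicesRunning -contains 2   # 2 = HVCI running
    DeveloperMode   = $dev.AllowDevelopmentWithoutDevLicense -eq 1
})
```

`Win32_StartupCommand` covers Run keys and Startup folders only, so the Task Manager Startup tab can list entries this does not.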