I recently set up a new SER6 and reviewed bloatware / spyware / malware prior to connecting to the internet. There were quite a few posts asking about spyware, and given it’s competitive price point, I was also a bit suspicious. I usually do a malware review before connecting any new device to the internet.

What I reviewed

  • running processes and their signatures
  • startup apps (Task Manager formerly msconfig)
  • Installed Services
  • Windows Features Enabled
  • Partition Table Review (for malware)
  • Local user accounts
  • Confirm installed hardware components and brands met specifications.
  • BIOS & Windows 11 Secure Boot, TPM & Enhanced Hardware Security settings (see Questionable)

tl;dr & verdict -- This Beelink is the cleanest windows machine I’ve purchased (including Dell, HP, Alienware). Nothing installed would be considered bloatware , spyware or malware. A few installed options (see Questionable, below) were probably added for user-acceptance testing.

Good

  • running processes were signed by Microsoft, AMD or Realtek. No unsigned apps running
  • Nearly all services had a description and came from Microsoft
  • Startup Apps were published my microsoft , AMD or Realtek. One exception (below)
  • SSD utilization was good at 44GB (out of 1TB) . Only 3 partitions were present: EFI , Recovery & C: partition
  • Only the setup user account was enabled. 3 other accounts were setup by Windows and disabled (Administrator, DefaultAccount, WDAGUtilityAccount)
  • SSD (Crucial), Ram (Crucial), CPU (AMD) & Network Adapters (Intel) all met specifications.

Questionable but OK

  • Startup App “BurninTest_Autorun” – not signed/ no publisher. Seems to be part of passmark
  • Suspicious Microsoft Services – All Seem legitimate but were missing descriptions (a MS issue)
    • NPSMSvc_517fb -- Windows Media manager – Now Playing service
    • WaaSMedicSvc -- Waas Medic agent, represents the Windows Update medic service.
    • McpManagementService -- McpManagementService is a Windows service that is responsible for managing Universal Print Management in Office 365
  • Unnecessary Windows Features – Official & safe features that I later disabled
    • OpenSSH Server
    • .Net 3.5 Support
    • .Net Advanced Features / TCP Port Sharing
    • SMB Direct Memory
  • TPM Attestation = “Unavailable” & Memory Integrity was disabled, which disabled “Enhanced Hardware Security”
    • I fixed this with (a) enable memory integrity (b) reset TPM using Windows

Bad but not Malicious

  • Windows Developer Mode was Enabled
  • EDIT: I revised Developer mode to “bad” as it opens up novice users to attacks. I don’t believe this was done as a back door because nothing seemed to be exploiting it.

EDIT: Added more hardware and software reviews to the results.