
Why is the "tbaseprovisioning" service making my PC accessible to the internet? Malware? Backdoor?

Question asked by 1stn00b on May 11, 2017
Latest reply on May 8, 2018 by kingfish

After installing AMD Chipset Drivers on Windows 7 x64 for my new Ryzen 7 1700 MSI x370 32GB RAM build last week, I started getting firewall warnings of incoming connections to local port 8732 on my PC. After some digging I found out that the port is opened by the tbaseprovisioning service.


The tbaseprovisioning service doesn't have any description besides Copyright 2013-2014 AMD (???) and it was installed with the AMD PSP 3.0 Device driver from: AMD Chipset Drivers Folder\Packages\Drivers\AMD PSP\


From what I have seen there, it has a tbaseprovisioning.exe.config that specifies a locally and remotely accessible address if localhost is changed to my PC's IP address (I've attached a screenshot of the firewall warning after giving the web address to a friend):

            <add baseAddress="http://localhost:8732/Design_Time_Addresses/RootPA/Service1/" />


and also a strange behavior, CustomerDeskOperationsBehavior, which to me looks like spyware, a keylogger, etc. from the name.

<behavior name="CustomerDeskOperationsBehavior">
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />


This looks like the discovered Intel remote execution backdoor


UPDATE 27.05.2017: Used a DigitalOcean Linux droplet to access the service on my Windows PC
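
Added example, not part of the original post and not AMD's code: a Python check that audits a WCF .exe.config for the three settings quoted in the post (the HTTP base address, `serviceMetadata httpGetEnabled` and `serviceDebug includeExceptionDetailInFaults`). The sample config is constructed around the quoted fragments; the service name `Example.Service1`, the function name and the finding codes are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample, modelled on the fragments quoted in the post; the
# service name and surrounding elements are assumptions, not the vendor's file.
SAMPLE_CONFIG = """<configuration>
  <system.serviceModel>
    <services>
      <service name="Example.Service1" behaviorConfiguration="CustomerDeskOperationsBehavior">
        <host><baseAddresses>
          <add baseAddress="http://localhost:8732/Design_Time_Addresses/RootPA/Service1/" />
        </baseAddresses></host>
      </service>
    </services>
    <behaviors><serviceBehaviors>
      <behavior name="CustomerDeskOperationsBehavior">
        <serviceMetadata httpGetEnabled="true" />
        <serviceDebug includeExceptionDetailInFaults="true" />
      </behavior>
    </serviceBehaviors></behaviors>
  </system.serviceModel>
</configuration>"""

def audit_wcf_config(xml_text):
    """Return (code, detail) findings for a WCF application config."""
    root = ET.fromstring(xml_text)
    findings = []
    for add in root.iter("add"):
        parts = urlsplit(add.get("baseAddress", ""))
        # With WCF's default HostNameComparisonMode (StrongWildcard) an HTTP
        # base address is registered for every host name on its port, so
        # "localhost" in the URL does not restrict the listener to loopback.
        # A binding that sets hostNameComparisonMode="Exact" is not checked here.
        if parts.scheme in ("http", "https") and parts.port:
            findings.append(("WILDCARD_HTTP_LISTENER", "port %d" % parts.port))
    for behavior in root.iter("behavior"):
        name = behavior.get("name", "(unnamed)")
        for el in behavior:
            # Publishes the service's WSDL to anyone who can send an HTTP GET.
            if el.tag == "serviceMetadata" and el.get("httpGetEnabled", "").lower() == "true":
                findings.append(("METADATA_OVER_HTTP_GET", name))
            # Returns managed exception details to callers in SOAP faults.
            if el.tag == "serviceDebug" and el.get("includeExceptionDetailInFaults", "").lower() == "true":
                findings.append(("EXCEPTION_DETAIL_IN_FAULTS", name))
    return findings

if __name__ == "__main__":
    for code, detail in audit_wcf_config(SAMPLE_CONFIG):
        print(code, detail)
```

To audit a real file, pass its contents to `audit_wcf_config` instead of the constructed sample.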