TPM Overview:
The Trusted Platform Module (TPM) is a hardware-based security chip embedded in modern computing devices. It is designed to provide robust security features by securely storing cryptographic keys, passwords, and certificates. TPM plays a vital role in protecting device integrity and enabling secure boot processes, credential protection, and disk encryption technologies such as BitLocker.
Key Functions of TPM
Secure storage of cryptographic keys and credentials
Platform integrity verification during system startup
Enables Secure Boot and Trusted Attestation
Supports full-disk encryption solutions like BitLocker
Enhances credential security (e.g., Windows Hello, Credential Guard)
Steps to Detect TPM Version Using Saner CVEM
To check the TPM version (e.g., TPM 2.0) across devices, follow these steps using the Posture Anomaly module in Saner CVEM:
Step-by-Step Instructions
1. Open the PA Module
Log in to the Saner CVEM console.
Navigate to the PA (Posture Anomaly) module.
2. Create a Custom Detection Rule
Go to the Custom Rules section.
Click on the Detection tab to begin creating a new detection rule.
3. Add a WMI-Based Detection Query
In the Detection section, search for "WMI".
Drag and drop the WMI block into the Query Builder pane.
4. Configure the WMI Query
Fill in the following values:
WMI Namespace → root\CIMV2\Security\MicrosoftTpm
Windows Query Language (WQL) → SELECT SpecVersion FROM Win32_Tpm
WMI Result Regex → ^.*$
(This ensures that any returned value is captured.)
5. Select Target Devices
Choose the target devices from which you want to collect TPM version data.
Click Deploy to proceed.
6. Configure Package Details
Provide a relevant package name, e.g., “TPM Version Detection”.
Specify how frequently the query should run on the target devices.
Click Update Package to save the configuration.
7. Submit the Query
Click Submit or Send Query to Agents to deploy the detection rule.
8. Fetch and View Results
After the query runs, click Fetch to retrieve the results.
The Results Pane will show devices along with their detected TPM version (e.g., 2.0 or 1.2).
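To verify what the detection rule will return on a single host before deploying it fleet-wide, the same namespace and WQL query can be run locally. This is an added example, not part of the Saner CVEM article; it assumes an elevated PowerShell session (Win32_Tpm is not readable from a non-administrator session) and that SpecVersion is returned as a comma-separated string whose first field is the specification version.

```powershell
# Added example: run the article's WQL query locally and evaluate the result.
# Assumption: elevated (administrator) PowerShell on the Windows host being checked.
$ns  = 'root\CIMV2\Security\MicrosoftTpm'
$wql = 'SELECT SpecVersion FROM Win32_Tpm'

$tpm = Get-CimInstance -Namespace $ns -Query $wql -ErrorAction SilentlyContinue

if (-not $tpm) {
    # No Win32_Tpm instance: TPM absent, disabled in firmware, or session not elevated.
    # The Saner rule would return an empty result for such a device.
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        SpecVersion  = $null
        TPM20        = $false
        Note         = 'No Win32_Tpm instance returned'
    }
    return
}

# SpecVersion looks like "2.0, 0, 1.38" (constructed sample value);
# the first field is the TPM specification version the article reports.
$spec = ($tpm.SpecVersion -split ',')[0].Trim()

# The article's regex ^.*$ captures any value. A stricter local check separates
# TPM 2.0 parts (the Windows 11 baseline) from older 1.2 parts.
$meetsWin11 = $spec -match '^2\.0$'

[pscustomobject]@{
    ComputerName = $env:COMPUTERNAME
    SpecVersion  = $spec
    RawValue     = $tpm.SpecVersion
    TPM20        = $meetsWin11
    Note         = if ($meetsWin11) { 'Meets TPM 2.0 requirement' } else { 'Below TPM 2.0' }
}
```

The RawValue field shows exactly the string the WMI block will hand to the Result Regex, which is useful when deciding whether `^.*$` or a narrower pattern suits your reporting.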

Conclusion:
By following the above steps, you can effectively detect the TPM version on devices in your environment using Saner CVEM. This is especially useful for ensuring compliance with modern security standards such as those required by Windows 11.
If you need further assistance or help building other queries, feel free to contact our support team.