Not sure why Model from Win32_ComputerSystem is giving such an odd value. On my workstation, it gives:
q: string value of selects "Model from Win32_ComputerSystem" of wmi
A: HP Z420 Workstation
Generally, you’d want to order your relevance clauses such that the earlier clauses either evaluate faster, or exclude more systems (so most systems don’t have to spend time evaluating the later clauses). For the Intel AMT vulnerability, you’d use the first clause to filter to only Intel processors:
exists vendor names whose (it = "GenuineIntel") of processors
For the second clause, your WMI query targets only Lenovo T460p, and already returns a true/false, so you can use that in your fixlet relevance as well.
In the fixlet you reference, what they are doing is downloading and executing an Intel utility to scan for the vulnerability on the system, presumably leaving a file or registry entry that can be queried later in another fixlet/task. This is something you need to do on occasions where there are no built-in inspectors to find the information you want. In these cases you may need to run a utility to generate the data that you want to query later.
For the Intel AMT, I’d recommend you use the C3 offerings on BigFix.me from @strawgate. This includes the following series of tasks -
https://bigfix.me/fixlet/details/24410 Invoke - Intel SA 00075 Probe - Windows
- This downloads the Intel utility to probe for the AMT status, and writes the results to the Registry.
https://bigfix.me/fixlet/details/24276 Invoke - Intel SA 00075 Unprovision Active Management Technology - Windows
- This unprovisions the AMT capability. Requires the prior Probe to be run to detect that AMT is present and vulnerable.
https://bigfix.me/fixlet/details/24275 Invoke - Intel SA 00075 Remove Local Management Service - Windows
- This removes the Local Management Service (the prior Probe must first be run to detect whether AMT is present and not provisioned).
Given these three fixlets, I don’t think you need to do any hardware model filtering. These aren’t flashing the BIOS to corrected versions of AMT, they are removing the AMT capability.
If you are actively using AMT, then you’ll need to take separate actions for each hardware model to flash the BIOS levels up to safe versions. For that I’d recommend separate fixlets for each hardware model, and you may need to do a similar “Action to probe the system and generate the data used to check Relevance on the correction fixlets”, since you may need to use a utility from each vendor to detect the BIOS configurations and versions.
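
The "probe first, query later" pattern described above could look like the following for the per-model BIOS case. This is an added example, not code from the post or from the BigFix.me fixlets; the registry key `HKLM:\SOFTWARE\ExampleOrg\FirmwareProbe` and its value names are hypothetical. It runs the cheap, highly selective CPU vendor check first and records model and BIOS data for later relevance to read.

```powershell
# Added example: a probe action that records hardware/BIOS facts in the registry
# so a later fixlet's relevance can query them. Not the C3 fixlets' own code.
# Hypothetical result location; pick one that fits your environment.
$ResultKey = 'HKLM:\SOFTWARE\ExampleOrg\FirmwareProbe'

function Get-FirmwareProbeResult {
    # Cheapest and most selective check first: non-Intel systems stop here.
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $result = [ordered]@{
        CpuVendor      = [string]$cpu.Manufacturer
        Applicable     = 0          # stored as a DWORD: 1 = Intel CPU, details recorded
        SystemVendor   = ''
        Model          = ''
        ProductVersion = ''
        BiosVersion    = ''
        ProbeTimeUtc   = (Get-Date).ToUniversalTime().ToString('s')
    }
    if ($cpu.Manufacturer -ne 'GenuineIntel') { return $result }

    # Slower WMI queries only run on systems that passed the first check.
    $system  = Get-CimInstance -ClassName Win32_ComputerSystem
    $product = Get-CimInstance -ClassName Win32_ComputerSystemProduct
    $bios    = Get-CimInstance -ClassName Win32_BIOS

    $result.Applicable     = 1
    $result.SystemVendor   = [string]$system.Manufacturer
    $result.Model          = [string]$system.Model
    # Some vendors put the marketing model name here instead of in Model.
    $result.ProductVersion = [string]$product.Version
    $result.BiosVersion    = [string]$bios.SMBIOSBIOSVersion
    return $result
}

function Save-FirmwareProbeResult {
    param([Parameter(Mandatory)] [System.Collections.IDictionary] $Result)
    if (-not (Test-Path -Path $ResultKey)) {
        New-Item -Path $ResultKey -Force | Out-Null
    }
    foreach ($name in $Result.Keys) {
        Set-ItemProperty -Path $ResultKey -Name $name -Value $Result[$name]
    }
}

# Requires an elevated session (writes under HKLM).
Save-FirmwareProbeResult -Result (Get-FirmwareProbeResult)
```

The relevance on the correction fixlets has to read the same registry view (32-bit or 64-bit) that the probe wrote to, otherwise the values will appear to be missing.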