[Observation] Disabling AMT on ME 7.0-11.8 does not disable OOB network interface

Hello. I was wondering if anyone has noticed this behavior with ME 7.0-11.8 when disabling “Manageability Feature Selection” in MEBX.

1) meinfo still shows “Link up” when Ethernet is connected despite AMT being “disabled”.
2) ethtool -S eno1 will still show rx_smbus and tx_smbus traffic, and rx_smbus will rapidly increase when port-scanning 16992.
3) On 5M/Corporate platforms, only Temp Disable/ALT disable mode actually disables the ME’s connection to the NIC, as rx_smbus and tx_smbus stay at 0.

Setting “Intel ME Network Service” to “permanently disabled” in FITC seems to be the only way to truly run these platforms’ ME in “Consumer Mode”.

This seems like a DDoS opportunity waiting to happen.

Edit: Packets sent to AMT ports are passed to the OS when AMT is unprovisioned or “disabled”, which will lead to the false impression that these backdoor ports are disabled. The NIC is still filtering these ports and sending traffic intended for them to the ME first.
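The counter check from the post above, written as a repeatable comparison of two `ethtool -S` snapshots. This is an added example, not part of the original post; the function names and sample counter values are constructed, and it assumes the NIC driver exposes `rx_smbus` and `tx_smbus` as on the poster's `eno1`.

```shell
#!/bin/sh
# Added example: detect ME sideband (SMBus) activity on a NIC by comparing
# rx_smbus/tx_smbus between two `ethtool -S` snapshots.

# smbus_counter NAME: read `ethtool -S` text on stdin, print the counter (0 if absent).
smbus_counter() {
    awk -v key="$1" -F': *' '
        { gsub(/^[ \t]+/, "", $1) }     # strip the indentation ethtool adds
        $1 == key { v = $2 }
        END { print v + 0 }'
}

# smbus_delta BEFORE AFTER: print "rx_smbus=<n> tx_smbus=<n>" (growth between snapshots).
smbus_delta() {
    local before="$1" after="$2" name a b out=""
    for name in rx_smbus tx_smbus; do
        b=$(printf '%s\n' "$before" | smbus_counter "$name")
        a=$(printf '%s\n' "$after"  | smbus_counter "$name")
        out="$out ${name}=$((a - b))"
    done
    printf '%s\n' "${out# }"
}

# me_nic_verdict BEFORE AFTER: "idle" only if neither counter moved.
me_nic_verdict() {
    local d
    d=$(smbus_delta "$1" "$2")
    case "$d" in
        "rx_smbus=0 tx_smbus=0") echo "idle: $d" ;;
        *)                       echo "active: $d" ;;
    esac
}

# live_check IFACE [SECONDS]: take two real snapshots on this machine (needs ethtool).
live_check() {
    local before after
    before=$(ethtool -S "$1"); sleep "${2:-30}"; after=$(ethtool -S "$1")
    me_nic_verdict "$before" "$after"
}

# Constructed sample snapshots (not captured from real hardware).
SAMPLE_BEFORE='NIC statistics:
     rx_packets: 1500
     rx_smbus: 12
     tx_smbus: 3'
SAMPLE_AFTER='NIC statistics:
     rx_packets: 9800
     rx_smbus: 2060
     tx_smbus: 3'

me_nic_verdict "$SAMPLE_BEFORE" "$SAMPLE_AFTER"   # prints "active: rx_smbus=2048 tx_smbus=0"
```

On a live system, `live_check eno1 30` takes the two snapshots itself; an "idle" result with both absolute counters at 0 matches what the post reports for Temp Disable/ALT disable mode.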

Probably “By Design” until you ask them in a broad/public and official manner, then they would say “Sorry, bugged, here is fix”. You know, as you mentioned… Backdoor.



I found this – https://software.intel.com/sites/managea…ingintelamt.htm

There’s no excuse for why they can’t backport this ability. It is already possible to effectively have the same thing by using FITC to permanently disable all Manageability-related features. Especially when this new "feature" is basically the way ME 5.0/6.0 behaved when Manageability feature selection was set to ‘None’.

If you need it disabled, just disable it via the HAP bit (set reserved to Yes in FITC).