Intel AMT Features > System Defense > Use Cases > Delete a Heuristics System Defense Policy
CollapseAll image

Delete a Heuristics System Defense Policy


Heuristic settings are NOT supported by wireless interfaces.  Therefore, this feature is not available on LAN-less platforms.

This feature was deprecated in Release 10.0 and removed in Release 12.0.

The following step describes how to delete a Heuristics System Defense Policy.

1.  Using the EPR for an instance of AMT_SystemDefensePolicy, perform AMT_SystemDefensePolicy.Get and retrieve the InstanceID.

2.  Recover the EPR for the instance of CIM_EthernetPort, where the “DeviceID” key equals “Intel(r) AMT Ethernet Port 0”.

3.  Retrieve the instances of AMT_HeuristicPacketFilterInterfacePolicy where the “Antecedent” key equals the EPR of the instance of CIM_EthernetPort.

4.  Examine each instance:

a.   Check if it is associated to any system defense policy.

b.   If yes, check if this the system defense policy identified in step 1.

c.    If yes, Invoke Delete on the AMT_HeuristicPacketFilterInterfacePolicy.

Click here for a snippet demonstrating this step

You can execute this snippet by inserting it into the execution template found here.


# $systemDefensePolicyRef is an EPR to the AMT_SystemDefensePolicy object created by the 'Create a System Defense Policy' use case.

$systemDefensePolicyInstance =$systemDefensePolicyRef.Get()

$instanceID =$systemDefensePolicyInstance.GetProperty("InstanceID")

# Create a reference to the CIM_EthernetPort instance.

$ethernetPortRef =$wsmanConnectionObject.NewReference("SELECT * FROM CIM_EthernetPort WHERE DeviceID='Intel(r) AMT Ethernet Port 0'")

$heuristicPacketFilterInterfacePolicyRef =$wsmanConnectionObject.NewReference("AMT_HeuristicPacketFilterInterfacePolicy")


# Traverse to the AMT_HeuristicPacketFilterInterfacePolicy instances that are connected to the CIM_EthernetPort instance.

foreach($heuristicPacketFilterInterfacePolicyItem in$heuristicPacketFilterInterfacePolicyRef.Enumerate("",$null))


    # For each instance, check if it is associated to the AMT_SystemDefensePolicy instance.



          # Get the AMT_SystemDefensePolicy object using its EPR.

          $systemDefensePolicyInstance =$heuristicPacketFilterInterfacePolicyItem.Object.GetProperty("Dependent").Ref.Get()

          if($systemDefensePolicyInstance.GetProperty("InstanceID") -like $instanceID)


                $heuristicPacketFilterInterfacePolicyRef =$heuristicPacketFilterInterfacePolicyItem.Object.ToReference("Antecedent","Dependent")







Instance Diagram

Classes Used in This Flow


SDK Sample

If there is a sample demonstrating this flow, it is included in the SDK installation file. See SDK Installation Layout for details.


See Also:

   Network Isolation

   System Defense Policies

   Heuristic Policies

   System Defense Filter Types

   Processing Network Packets with System Defense

   Networking Packet Structures

Copyright © 2006-2022, Intel Corporation. All rights reserved.