Intel AMT Features > System Defense > Use Cases > Delete a Specific Filter
CollapseAll image

Delete a Specific Filter

The following steps describe how to delete a specific filter.

1.  Find the instance of CIM_ComputerSystem representing the Intel AMT, as described in Discovering CIM_ComputerSystem.

2.  From the CIM_ComputerSystem instance, traverse the CIM_HostedService association class to find the instance of AMT_SystemDefenseService.

3.  From the AMT_SystemDefenseService, traverse the AMT_SystemDefensePolicyInService association class to find the instances of AMT_SystemDefensePolicy.

4.  Go over the list of AMT_SystemDefensePolicy instances. For each instance:

a.   Traverse the AMT_FilterInSystemDefensePolicy association class to find the instance of AMT_Hdr8021Filterand AMT_IPHeadersFilter.

b.   Examine the lists returned by the enumerate methods and search for the relevant value of the desired property. For example, to delete all filters that filter outgoing packets, search for the “0” value in the property FilterDirection.

c.    Invoke the Delete method on the instance.

 Note:

You cannot delete a filter while it is associated to a policy. To delete a filter that is used in an existing policy, delete the policy, delete the filter, and re-create a new policy.

 

Click here for a snippet demonstrating this step

You can execute this snippet by inserting it into the execution template found here.

  

# Delete ethernet filters that have a specific name.

$name ="MyEthernetFilter"

$hdr8021FilterRef =$wsmanConnectionObject.NewReference("AMT_Hdr8021Filter")

foreach($hdr8021FilterItem in$hdr8021FilterRef.Enumerate())

{

    $hdr8021FilterRef =$hdr8021FilterItem.Object.ToReference("InstanceID")

    $hdr8021FilterInstance =$hdr8021FilterRef.Get()

    if($hdr8021FilterInstance.GetProperty("Name") -like $name)

    {

          $hdr8021FilterRef.Delete()

    }

}

# Delete all IP filters with a "Statistics + Drop" filter profile.

$filterProfile ="1"

$ipHeadersFilterRef =$wsmanConnectionObject.NewReference("AMT_IPHeadersFilter")

foreach($ipHeadersFilterItem in$ipHeadersFilterRef.Enumerate())

{

    $ipHeadersFilterRef =$ipHeadersFilterItem.Object.ToReference("InstanceID")

    $ipHeadersFilterInstance =$ipHeadersFilterRef.Get()

    if($ipHeadersFilterInstance.GetProperty("FilterProfile") -like $filterProfile)

    {

          $ipHeadersFilterRef.Delete()

    }

}

 

 

Instance Diagram

Not applicable

Classes Used in This Flow

SDK Sample

If there is a sample demonstrating this flow, it is included in the SDK installation file. See SDK Installation Layout for details.

 

See Also:

   Network Isolation

   System Defense Policies

   Heuristic Policies

   System Defense Filter Types

   Processing Network Packets with System Defense

   Networking Packet Structures

Copyright © 2006-2022, Intel Corporation. All rights reserved.