Intel AMT Features > System Defense > Use Cases > Disable a System Defense Policy
CollapseAll image

Disable a System Defense Policy

The following steps describe how to disable a System Defense policy.

1.  Retrieve the instance of CIM_EthernetPort with the DeviceID of the interface whose System Defense Policy you wish to disable:




     “Intel(r) AMT Ethernet Port 0” – wired port

     “Intel(r) AMT Ethernet Port 1” – wireless port

2.  Retreive the instance of AMT_SystemDefensePolicy with the InstanceID that you want.


The InstanceID is the ID of the System Defense policy you want to disable.

3.  Get the instance of AMT_NetworkPortSystemDefensePolicy, using the following keys:




Use the EPR of the CIM_EthernetPort retrieved in step 1.


Use the EPR of the AMT_SystemDefensePolicy retrieved in step 2.


4.  Invoke Delete on the instance of AMT_NetworkPortSystemDefensePolicy returned in step 3.

Click here for a snippet demonstrating this step

You can execute this snippet by inserting it into the execution template found here.


# $systemDefensePolicyRef is an EPR to the AMT_SystemDefensePolicy object created by the 'Create System Defense Policy' use case.

$systemDefensePolicyInstance =$systemDefensePolicyRef.Get()

$instanceID =$systemDefensePolicyInstance.GetProperty("InstanceID")

# Create a reference to the CIM_EthernetPort instance, select the wired interface.

$ethernetPortRef =$wsmanConnectionObject.NewReference("SELECT * FROM CIM_EthernetPort WHERE DeviceID='Intel(r) AMT Ethernet Port 0'")

$networkPortSystemDefensePolicyRef =$wsmanConnectionObject.NewReference("AMT_NetworkPortSystemDefensePolicy")


# Traverse to the AMT_NetworkPortSystemDefensePolicy instances that are connected to the CIM_EthernetPort instance.

foreach($networkPortSystemDefensePolicyItem in$networkPortSystemDefensePolicyRef.Enumerate("",$null))


    # For each instance, check if it is associated to the AMT_SystemDefensePolicy instance.



          # Get the AMT_SystemDefensePolicy object using its EPR.

          $systemDefensePolicyInstance =$networkPortSystemDefensePolicyItem.Object.GetProperty("Dependent").Ref.Get()

          if($systemDefensePolicyInstance.GetProperty("InstanceID") -like $instanceID)


                $networkPortSystemDefensePolicyRef =$networkPortSystemDefensePolicyItem.Object.ToReference("Antecedent","Dependent")







Instance Diagram

Not applicable

Classes Used in This Flow

SDK Sample

If there is a sample demonstrating this flow, it is included in the SDK installation file. See SDK Installation Layout for details.


See Also:

   Network Isolation

   System Defense Policies

   Heuristic Policies

   System Defense Filter Types

   Processing Network Packets with System Defense

   Networking Packet Structures

Copyright © 2006-2022, Intel Corporation. All rights reserved.