Enable/Disable a Default System Defense Policy

 Note:

Default System Defense policies are available from Intel AMT release 4.x.

Enabling/Disabling a System Defense policy is described in the following use cases:

   Enable a System Defense Policy

   Disable a System Defense Policy

However, when enabling/disabling a default System Defense policy, you use an association to the AMT_NetworkPortDefaultSystemDefensePolicy class instead of the AMT_NetworkPortSystemDefensePolicy class.

 Note:

   Each interface can have a policy defined to be a default policy.

   When an interface has a default policy, Intel AMT activates the policy when there are no other active policies for that interface.

   If a policy with a defined timeout was activated and eventually timed out, the default policy is activated in its place.

   The AMT_NetworkPortDefaultSystemDefensePolicy association does not have the Enabled property (it is always assumed to be enabled).

Snippet showing how to enable a default policy:

You can execute this snippet by inserting it into the execution template found here.

  

# Select the wired interface.
$ethernetPortRef = $wsmanConnectionObject.NewReference("SELECT * FROM CIM_EthernetPort WHERE DeviceID='Intel(r) AMT Ethernet Port 0'")

# Create the AMT_NetworkPortDefaultSystemDefensePolicy instance with the relevant keys.
$networkPortDefaultSystemDefensePolicyInstance = $wsmanConnectionObject.NewInstance("AMT_NetworkPortDefaultSystemDefensePolicy")
$networkPortDefaultSystemDefensePolicyInstance.SetProperty("Antecedent", $ethernetPortRef)

# $systemDefensePolicyRef is an EPR to the AMT_SystemDefensePolicy object created by the 'Create a System Defense Policy' use case.
$networkPortDefaultSystemDefensePolicyInstance.SetProperty("Dependent", $systemDefensePolicyRef)

# Creating the association makes the policy the default for this interface.
$networkPortDefaultSystemDefensePolicyRef = $networkPortDefaultSystemDefensePolicyInstance.Create()

 

 

Snippet showing how to disable a default policy:

You can execute this snippet by inserting it into the execution template found here.

  

# $systemDefensePolicyRef is an EPR to the AMT_SystemDefensePolicy object created by the 'Create a System Defense Policy' use case.
$systemDefensePolicyInstance = $systemDefensePolicyRef.Get()
$instanceID = $systemDefensePolicyInstance.GetProperty("InstanceID")

# Create a reference to the CIM_EthernetPort instance, select the wired interface.
$ethernetPortRef = $wsmanConnectionObject.NewReference("SELECT * FROM CIM_EthernetPort WHERE DeviceID='Intel(r) AMT Ethernet Port 0'")

$networkPortDefaultSystemDefensePolicyRef = $wsmanConnectionObject.NewReference("AMT_NetworkPortDefaultSystemDefensePolicy")
$networkPortDefaultSystemDefensePolicyRef.AddSelector("Antecedent", $ethernetPortRef)

# Traverse to the AMT_NetworkPortDefaultSystemDefensePolicy instances that are connected to the CIM_EthernetPort instance.
foreach ($networkPortDefaultSystemDefensePolicyItem in $networkPortDefaultSystemDefensePolicyRef.Enumerate("http://schemas.dmtf.org/wbem/wsman/1/wsman/SelectorFilter", $null))
{
    # Check if it is associated to the AMT_SystemDefensePolicy instance.
    if ($networkPortDefaultSystemDefensePolicyItem.Object.GetProperty("Dependent").IsA("AMT_SystemDefensePolicy"))
    {
        # Get the AMT_SystemDefensePolicy object using its EPR.
        $systemDefensePolicyInstance = $networkPortDefaultSystemDefensePolicyItem.Object.GetProperty("Dependent").Ref.Get()

        if ($systemDefensePolicyInstance.GetProperty("InstanceID") -like $instanceID)
        {
            # Deleting the association removes the policy as the interface's default.
            $networkPortDefaultSystemDefensePolicyRef = $networkPortDefaultSystemDefensePolicyItem.Object.ToReference("Antecedent", "Dependent")
            $networkPortDefaultSystemDefensePolicyRef.Delete()
        }
    }
}
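
A read-only check to run after either snippet, added here as an example and not part of the Intel SDK code: because the association has no Enabled property, its presence is the only indication that a default policy is in force on the interface. It assumes $wsmanConnectionObject and $systemDefensePolicyRef from the execution template and use cases above; the function names are hypothetical.

```powershell
# Added example, not SDK code. Function names are hypothetical.
# Assumes $wsmanConnectionObject comes from the execution template, as in the snippets above.

# Return the InstanceID of every policy set as default on the given interface.
function Get-DefaultPolicyInstanceId($connection, $deviceID)
{
    $portRef = $connection.NewReference("SELECT * FROM CIM_EthernetPort WHERE DeviceID='$deviceID'")
    $assocRef = $connection.NewReference("AMT_NetworkPortDefaultSystemDefensePolicy")
    # Discard any return value so it does not leak into the function's output.
    $null = $assocRef.AddSelector("Antecedent", $portRef)

    $instanceIDs = @()
    foreach ($item in $assocRef.Enumerate("http://schemas.dmtf.org/wbem/wsman/1/wsman/SelectorFilter", $null))
    {
        $dependent = $item.Object.GetProperty("Dependent")
        if ($dependent.IsA("AMT_SystemDefensePolicy"))
        {
            $instanceIDs += $dependent.Ref.Get().GetProperty("InstanceID").ToString()
        }
    }
    # The leading comma keeps an empty or single-element result as an array.
    return ,$instanceIDs
}

# $expectedInstanceID = $null means "no default policy should exist on this interface".
function Test-DefaultPolicy($connection, $deviceID, $expectedInstanceID)
{
    $found = Get-DefaultPolicyInstanceId $connection $deviceID
    if ($null -eq $expectedInstanceID) { return ($found.Count -eq 0) }
    return ($found -contains $expectedInstanceID)
}

# After the enable snippet: the policy must be the interface's default.
$deviceID = "Intel(r) AMT Ethernet Port 0"
$expected = $systemDefensePolicyRef.Get().GetProperty("InstanceID").ToString()
if (Test-DefaultPolicy $wsmanConnectionObject $deviceID $expected)
{
    Write-Output "OK: $expected is the default policy on '$deviceID'."
}
else
{
    Write-Warning "$expected is NOT the default policy on '$deviceID'."
}
# After the disable snippet, call: Test-DefaultPolicy $wsmanConnectionObject $deviceID $null
```

An interface that unexpectedly has no default policy falls back to nothing when a timed policy expires, so this check is worth running after any provisioning change.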

 

 

 

See Also:

   Network Isolation

   System Defense Policies

   Heuristic Policies

   System Defense Filter Types

   Processing Network Packets with System Defense

   Networking Packet Structures

Copyright © 2006-2022, Intel Corporation. All rights reserved.