Heuristic Policies

Note:

This feature was deprecated in Release 10.0 and removed in Release 12.0.

Heuristics policies are used for detecting both slow and fast worms on Intel AMT systems. The Heuristics Engine detects worm-like behavior on an Intel AMT system, that is, whether the Intel AMT system is sending large numbers of packets to the same port number on different systems.

Note:

Mobile platforms and wireless interfaces do not support heuristics system defense policies. Therefore, this feature is not available on LAN-less platforms.

In the heuristics policy, you define what counts as a slow worm and a fast worm, and specify the action that should be performed if a system's behavior matches the heuristics policy.

A heuristics policy defines the following:

   - Maximum number of packets transmitted to a single port in the specified period (see the next bullet).

   - Period in which to count the packets:

      - For a slow worm profile, the number of seconds (between 10 and 50).

      - For a fast worm profile, the number of milliseconds (between 10 and 1000).

   - Number of seconds during which the action is performed after a system's behavior has matched the heuristics policy. You specify this period in the policy via the EncounterTimeout parameter. For example, you can specify that if a worm's behavior is detected, the system should be isolated from the network for X seconds. When this period has passed, the heuristics counter is reset, and the heuristics state is set back to "running". If the value of this parameter is 0, the heuristics policy remains active either until it is cleared or until the heuristics counter has been reset.

   - The action to perform when the heuristics policy detects a worm's behavior:

      - Completely isolate the system from the network.

      - Block traffic to the targeted port.

      - Apply a full System Defense policy.
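To make the parameters above concrete, here is an added Python model of how such a policy is evaluated against outbound traffic. It is not Intel's Heuristics Engine or SDK code; the packet record layout, the field names, and the rule that the counted packets must go to more than one destination system are assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class HeuristicPolicy:
    max_packets: int            # packets to one port inside the window before the policy matches
    window_s: float             # slow profile: 10-50 s; fast profile: 0.010-1.0 s (10-1000 ms)
    encounter_timeout_s: float  # EncounterTimeout: seconds the action stays applied; 0 = until cleared
    action: str                 # "isolate", "block_port" or "apply_policy"


def evaluate(policy, packets):
    """Replay outbound packet records (timestamp_s, dst_host, dst_port) through a model
    of the heuristics state machine described on this page (an assumption, not Intel's
    engine). Returns the list of (timestamp, event) transitions, in time order."""
    recent = defaultdict(list)          # dst_port -> [(ts, dst_host), ...] still inside the window
    state, triggered_at, events = "running", None, []
    for ts, host, port in sorted(packets):
        if state == "triggered":
            # EncounterTimeout elapsed: the counter is reset and the state returns to "running".
            # A timeout of 0 never expires here; the policy stays active until it is cleared.
            if policy.encounter_timeout_s and ts - triggered_at >= policy.encounter_timeout_s:
                state, recent = "running", defaultdict(list)
                events.append((ts, "reset"))
            else:
                continue                # the action is still in force; packets are not counted
        # keep only packets to this port that fall inside the sliding window, then add this one
        hits = [(t, h) for t, h in recent[port] if ts - t < policy.window_s] + [(ts, host)]
        recent[port] = hits
        # worm-like: more than max_packets to the same port, spread over different systems
        if len(hits) > policy.max_packets and len({h for _, h in hits}) > 1:
            state, triggered_at = "triggered", ts
            label = f"block_port:{port}" if policy.action == "block_port" else policy.action
            events.append((ts, label))
    return events


# Constructed sample: a slow-worm profile with a 10 s window, at most 5 packets per port,
# and the action applied for 30 s. The system probes port 445 on seven different hosts.
SLOW_POLICY = HeuristicPolicy(max_packets=5, window_s=10.0, encounter_timeout_s=30.0, action="block_port")
SAMPLE_PACKETS = [(float(i), f"10.0.0.{i + 1}", 445) for i in range(7)] + [(40.0, "10.0.0.9", 445)]

if __name__ == "__main__":
    for ts, event in evaluate(SLOW_POLICY, SAMPLE_PACKETS):
        print(f"t={ts:5.1f}s  {event}")
```

With the sample above the policy matches on the sixth packet, blocks port 445, and resets to "running" once 30 s have elapsed; with EncounterTimeout set to 0 the same traffic leaves the action in place with no reset.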


