Set a Heuristics System Defense Policy

Intel AMT Features > System Defense > Use Cases > Set a Heuristics System Defense Policy

Note:

Heuristic settings are NOT supported by wireless interfaces. Therefore, this will not work on a LAN-less platform.

This feature was deprecated in Release 10.0 and removed in Release 12.0.

The following steps describe how to set a Heuristics System Defense Policy on an Intel AMT system.

1. Retrieve the CIM_EthernetPort instance for the wired interface, where “DeviceID” key equals “Intel(r) AMT Ethernet Port 0”.

2. Create an instance of AMT_HeuristicPacketFilterInterfacePolicy where:

• The AMT_HeuristicPacketFilterInterfacePolicy.Antecendant property is set to the EPR of the required CIM_EthernetPort instance.

• The AMT_HeuristicPacketFilterInterfacePolicy.Dependent property is set to the EPR of the required AMT_SystemDefensePolicy instance.

Note:

• Before setting an heuristcs policy invoke AMT_HeuristicPacketFilterSettings.Put at least once (See Set a Heuristics System Defense Policy). Even if Heuristics is disabled (state 3), activating a Heuristics SystemDefense policy changes the Heuristics status to enabled (state 0).

• This use case assumes that a system defense policy already exists. To create a system defense policy, see Create a System Defense Policy.

• To retrieve the system defense policy enabled by the Heuristics service, see Get Active and Enabled Policies.

Click here for a snippet demonstrating this step

You can execute this snippet by inserting it into the execution template found here.

$ethernetPortRef =$wsmanConnectionObject.NewReference("SELECT * FROM CIM_EthernetPort WHERE DeviceID='Intel(r) AMT Ethernet Port 0'")

$heuristicPacketFilterInterfacePolicyInstance =$wsmanConnectionObject.NewInstance("AMT_HeuristicPacketFilterInterfacePolicy")

$heuristicPacketFilterInterfacePolicyInstance.SetProperty("Antecedent",$ethernetPortRef)

# $systemDefensePolicyRef is an EPR to the AMT_SystemDefensePolicy object created by the 'Create a System Defense Policy' use case.

$heuristicPacketFilterInterfacePolicyInstance.SetProperty("Dependent",$systemDefensePolicyRef)

$heuristicPacketFilterInterfacePolicyRef =$heuristicPacketFilterInterfacePolicyInstance.Create()

Instance Diagram

Classes Used in This Flow

• AMT_HeuristicPacketFilterInterfacePolicy

SDK Sample

If there is a sample demonstrating this flow, it is included in the SDK installation file. See SDK Installation Layout for details.