Microsoft Forefront Endpoint Protection Security Windows Firewall Monitor Type

Microsoft.FEP.SecurityVulnerability.FirewallMonitorType (UnitMonitorType)

Element properties:

Show References:
- Unit Monitors (1)

RunAs	Default
Accessibility	Public
Support Monitor Recalculate	True

Member Modules:

ID	Module Type	TypeId	RunAs
EventDS	DataSource	Microsoft.FEP.ProtectedServer.FirewallEventDSType	Default
WMIProbe	ProbeAction	Microsoft.FEP.FirewallWMIProbeActionModuleType	Default
FirewallOffCondition	ConditionDetection	System.ExpressionFilter	Default
FirewallOnCondition	ConditionDetection	System.ExpressionFilter	Default

Overrideable Parameters:

ID	ParameterType	Selector	Display Name	Description
DelayTime	int	$Config/DelayTime$	Delay Time (Seconds)

Source Code:

<UnitMonitorType ID="Microsoft.FEP.SecurityVulnerability.FirewallMonitorType" Accessibility="Public">

  <MonitorTypeStates>

    <MonitorTypeState ID="On" NoDetection="false"/>

    <MonitorTypeState ID="Off" NoDetection="false"/>

  </MonitorTypeStates>

  <Configuration>

    <xsd:element minOccurs="1" name="ComputerName" type="xsd:string"/>

    <xsd:element minOccurs="1" name="DelayTime" type="xsd:positiveInteger"/>

  </Configuration>

  <OverrideableParameters>

    <OverrideableParameter ID="DelayTime" Selector="$Config/DelayTime$" ParameterType="int"/>

  </OverrideableParameters>

  <MonitorImplementation>

    <MemberModules>

      <DataSource ID="EventDS" TypeID="Microsoft.FEP.ProtectedServer.FirewallEventDSType"/>

      <ProbeAction ID="WMIProbe" TypeID="Microsoft.FEP.FirewallWMIProbeActionModuleType">

        <ComputerName>$Config/ComputerName$</ComputerName>

        <DelayTime>$Config/DelayTime$</DelayTime>

        <MonitorName>Windows Firewall</MonitorName>

      </ProbeAction>

      <ConditionDetection ID="FirewallOnCondition" TypeID="System!System.ExpressionFilter">

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery Type="String">Property[@Name='FirewallStatus']</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value Type="String">On</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

      </ConditionDetection>

      <ConditionDetection ID="FirewallOffCondition" TypeID="System!System.ExpressionFilter">

        <Expression>

          <Or>

            <Expression>

              <SimpleExpression>

                <ValueExpression>

                  <XPathQuery Type="String">Property[@Name='FirewallStatus']</XPathQuery>

                </ValueExpression>

                <Operator>Equal</Operator>

                <ValueExpression>

                  <Value Type="String">Off</Value>

                </ValueExpression>

              </SimpleExpression>

            </Expression>

            <Expression>

              <SimpleExpression>

                <ValueExpression>

                  <XPathQuery Type="String">Property[@Name='FirewallStatus']</XPathQuery>

                </ValueExpression>

                <Operator>Equal</Operator>

                <ValueExpression>

                  <Value Type="String">Uninstalled</Value>

                </ValueExpression>

              </SimpleExpression>

            </Expression>

          </Or>

        </Expression>

      </ConditionDetection>

    </MemberModules>

    <RegularDetections>

      <RegularDetection MonitorTypeStateID="On">

        <Node ID="FirewallOnCondition">

          <Node ID="WMIProbe">

            <Node ID="EventDS"/>

          </Node>

        </Node>

      </RegularDetection>

      <RegularDetection MonitorTypeStateID="Off">

        <Node ID="FirewallOffCondition">

          <Node ID="WMIProbe">

            <Node ID="EventDS"/>

          </Node>

        </Node>

      </RegularDetection>

    </RegularDetections>

    <OnDemandDetections>

      <OnDemandDetection MonitorTypeStateID="On">

        <Node ID="FirewallOnCondition">

          <Node ID="WMIProbe"/>

        </Node>

      </OnDemandDetection>

      <OnDemandDetection MonitorTypeStateID="Off">

        <Node ID="FirewallOffCondition">

          <Node ID="WMIProbe"/>

        </Node>

      </OnDemandDetection>

    </OnDemandDetections>

  </MonitorImplementation>

</UnitMonitorType>