I am getting following error in the log file.
Creating System Defense Policy... Success.
Get System Defense Policy...
Intel AMT System Defense Policy
Instance ID: Intel AMT:Handle:16
Policy Precedence: 0
AntiSpoofing Support: COUNTING_AND_EVENT_ON_MATCH
Error manipulating SDH functions:
Object reference not set to an instance of an object. Exception caught
Remove all created instances... Success.
Are you running one of the samples in the SDK when you get this error? You may want to look at the new and improved documentation in the latest SDK.
You can also use the DTK to test System Defence. You may want to refer to "Demonstration video 2 - Intel System Defense, Agent Presence" available here.
Thanks for the reply. I am using the latest SDK now. The sample code works without any changes, but I needed to make a small change to filter out a certain IPV4 address.
I have attempted to filter a particular destination address using the sample code in the most recent SDK.
Inside of the function CreateIpHeadersFilter() I added:
string Target = "192.168.0.2";
string TargetMask = "255.255.255.0";
filter.HdrDestAddress = Target.ToString();
filter.HdrDestMask = TargetMask.ToString();
before filter.Create() is called. I have tried various format versions and nothing seems to create a correct schema definition.
What is the proper string format for HdrDestAddress, HdrDestMask, HdrSrcAddress, and HdrSrcMask for IPV4.
>systemdefense.exe -verbose -createpolicy -host 192.168.0.1 -user admin -pass Admin~12
Intel AMT System Defense Filter
Instance ID: 52
System Creation Class Name: CIM_ComputerSystem
Creation Class Name: AMT_Hdr8021Filter
System Name: Intel AMT
Filter Name: Sample8021Filter
Filter Direction: TRANSMIT
Filter Profile: STATISTICS_DROP
Filter ProfileData: Not Specified
Header Protocol ID 8021: ETH_TYPE_IP
Action Event On Match: False
All created object were deleted
WSManException: The supplied SOAP violates the corresponding XML schema definition.
Exception Detail: WSManFault.Code: a:Sender WSManFault.SubCode: e:SchemaValidationError
I apologize for the long delay...
The DMTF's WS-CIM Mapping Specification (DSP0230) defines Octetstrings and their utilization; you may wish to review this doc, particularly Section 9.2.4.
To answer your specific question, the IP address format should utilize hexbinary. So, 192.168.1.10 converts to 0xC0A8010A