
Utility to Edit the Intel AMT Network Filtering Settings via Real-Time System Manager

Joel Smith's picture

Intel® AMT's System Defense technology lets you block incoming and outgoing traffic from and to the Intel AMT computer's operating system, protecting computers from incoming threats and preventing infected computers from spreading threats to other computers on the network.

This utility will be included with the install for a future version of Real-Time System Manager past 6.2. Before it is officially released, it can be used 'As is', using the following instructions (also provided as is).

Introduction

System Defense technology incorporates network filters which let you control the ports to keep open while System Defense technology is active. For example, the default network filters used in Altiris® Real-Time System Manager Solution™ keep DNS, LDAP, DHCP, and a few other ports open to let the Altiris Agent, installed on the client computer with Intel AMT, communicate with the Altiris® Notification Server™ software.

The Edit Network Filters (ENF) utility lets you create and modify network filters. You can later import the filters into Real-Time System Manager Solution and use them for Intel AMT's System Defense functionality.

Installing the ENF Utility

The ENF Utility is distributed through Altiris support. To obtain the utility, contact your support representative.

The ENF Utility Requirements

The ENF utility integrates into the Notification Server infrastructure and must be installed on the Notification Server computer.

Installing the ENF Utility

To install the ENF utility, run Altiris_ENF_6_2.exe on the Notification Server computer and follow the wizard.

Using the ENF Utility

The ENF utility lets you manage the list of ports that will be kept open when you enable network filtering functionality on a computer with Intel AMT.

Running the ENF Utility

To run the ENF utility

  1. On the Notification Server computer, click the Windows Start button.
  2. Select All Programs > Altiris > Utility > Edit Network Filters. The ENF utility opens in Internet Explorer.

Creating Custom Network Filters

If Real-Time System Manager Solution is installed on the Notification Server, the ENF utility opens the network filters file used by Real-Time System Manager Solution. By default, the file's location is C:\Program Files\Altiris\RTSM\UIData\CBFilters.xml. This file is accessed by Real-Time System Manager Solution directly and you do not need to import the file into the Altiris Console manually.

If Real-Time System Manager Solution is not installed on the Notification Server, the ENF utility creates its own network filters file. By default, the file's location is C:\Program Files\Altiris\EditNetworkFilters\CBFilters.xml. If you want the Real-Time System Manager Solution to use this file, you have to import it into the Altiris Console.

Backing up the Default Filters

Before you modify the network filters, we suggest that you back up the default filters.

Adding a Network Filter

You can add more ports to the network filters list that will be kept open when you enable network filtering on the client computer with Intel AMT.

Example: you can allow Remote Desktop connections on port 3389 when network filtering is active.

To allow Remote Desktop connections

  1. Add an incoming connections filter for port 3389.
    1. Click the Plus sign. The Add/Modify Network Filter dialog appears.
    2. Click Next.
    3. Select TCP and Incoming. Click Next.
    4. Select Address of the target computer where network filtering will be applied.
    5. Treat this address as Destination of the network traffic to filter. Click Next.
    6. Select Range of ports. Click Next.
    7. Select Manually type in the lower boundary of the port range. Enter 3389.
    8. Select Manually type in the upper boundary of the port range. Enter 3389.
    9. Treat this port range as Destination of the network traffic to filter.
    10. Click Next.
    11. Enter the name for the filter without spaces.
      Example: RTSM_RDP_RX
    12. Click Finish.
  2. Add an outgoing connections filter for port 3389.
    1. Click the plus icon. The Add/Modify Network Filter dialog appears.
    2. Click Next.
    3. Select TCP and Outgoing. Click Next.
    4. Select Address of the target computer where network filtering will be applied.
    5. Treat this address as Source of the network traffic to filter. Click Next.
    6. Select Range of ports. Click Next.
    7. Select Manually type in the lower boundary of the port range. Enter 3389.
    8. Select Manually type in the upper boundary of the port range. Enter 3389.
    9. Treat this port range as Source of the network traffic to filter.
    10. Click Next.
    11. Enter the name for the filter without spaces.
      Example: RTSM_RDP_TX
    12. Click Finish.
    13. Click the 'save' icon.
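
The following added example (not part of the ENF utility or the original article) models the two filters created above to show which traffic they pass. The Filter and Packet classes are a hypothetical model, not the CBFilters.xml schema, and the model assumes filters are matched per packet with no connection tracking and that unmatched traffic is blocked while network filtering is active.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Filter:
    """Hypothetical model of one network filter (not the CBFilters.xml schema)."""
    name: str
    direction: str   # "in" or "out", relative to the Intel AMT computer
    port_role: str   # which port of the packet is compared: "src" or "dst"
    low: int         # lower boundary of the port range
    high: int        # upper boundary of the port range

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out", relative to the Intel AMT computer
    proto: str
    src_port: int
    dst_port: int

# The two filters from the procedure above (names taken from the article).
RDP_RX = Filter("RTSM_RDP_RX", "in", "dst", 3389, 3389)
RDP_TX = Filter("RTSM_RDP_TX", "out", "src", 3389, 3389)

def allowed(packet, filters):
    """Return the name of the first filter that passes the packet, or None if blocked."""
    if packet.proto != "tcp":          # both filters were created for TCP only
        return None
    for f in filters:
        port = packet.src_port if f.port_role == "src" else packet.dst_port
        if f.direction == packet.direction and f.low <= port <= f.high:
            return f.name
    return None                        # assumption: unmatched traffic is blocked

# Constructed sample packets (ephemeral port numbers are arbitrary).
SYN = Packet("in", "tcp", 50123, 3389)            # admin connects to the filtered PC
SYN_ACK = Packet("out", "tcp", 3389, 50123)       # the filtered PC's reply
OUTBOUND_RDP = Packet("out", "tcp", 50200, 3389)  # filtered PC tries RDP to another host

if __name__ == "__main__":
    for label, pkt, flt in [
        ("inbound RDP, both filters", SYN, [RDP_RX, RDP_TX]),
        ("reply, both filters", SYN_ACK, [RDP_RX, RDP_TX]),
        ("reply, RX filter only", SYN_ACK, [RDP_RX]),
        ("outbound RDP from filtered PC", OUTBOUND_RDP, [RDP_RX, RDP_TX]),
    ]:
        print(f"{label}: {allowed(pkt, flt) or 'BLOCKED'}")
```

Under these assumptions, the reply traffic is blocked when only the RX filter exists, and the filtered computer still cannot open its own Remote Desktop sessions to other hosts, because the TX filter matches source port 3389 rather than destination port 3389.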

Exporting Network Filters

You can export the list of network filters to a .XML file.

To export the filters

  1. Click the Export icon.
  2. Choose the location and the name for the file.
    Note: If you are viewing the ENF utility from a remote computer, export the filters to a location that the Notification Server computer can access, for example, a network share.
  3. Click Save.

Importing Network Filters into Real-Time System Manager Solution

You can import a custom network filters file into Real-Time System Manager Solution.

If you used the ENF utility to edit the default Real-Time System Manager Solution network filters file (C:\Program Files\Altiris\RTSM\UIData\CBFilters.xml) directly, you do not have to import this file.

To import the custom filters

  1. In the Altiris Console, click the Configuration tab (if you are using the Altiris Console 6.5, select View > Configuration).
  2. Select Solution Settings > Real-Time Console Infrastructure > Configuration.
  3. Click the Network Filtering tab.
  4. Click the Advanced button. The Advanced Network Filtering dialog appears.
  5. Select Import network filtering settings and browse for a custom network filters file. Click Open.
  6. Click OK.
  7. Click Apply.

The network filters you imported will be used the next time you configure an Intel AMT computer from the Real-Time view of Real-Time System Manager Solution.

License: AJSL
By clicking the download link below, you agree to the terms and conditions in the Altiris Juice Software License
Support: User-contributed tools on the Juice are not supported by Altiris Technical Support. If you have questions about a tool, please communicate directly with the author by visiting their profile page and clicking the 'contact' tab.
JoeMama's picture

ETA for RTSM versions newer than 6.2?

Is there any ETA for new versions of RTSM that include this, as mentioned "with the install for a future version of Real-Time System Manager past 6.2"?