/* Start of the overall check. The outer NOT wraps three AND-ed groups
   (UDP, TCP, ICMP), so the expression is true when at least one of them
   has no matching inbound allow entry for the BigFix relay. */
NOT
(
    /* UDP group: satisfied by any one of the five sources below. */
    (
        /* 1. Firewall rule objects: enabled, inbound, UDP, current profile. */
        (
            exists rule whose
            (
                /* Port test: no local-ports restriction, the wildcard, or a ports
                   string containing ListenPort.
                   NOTE(review): contains is a substring test, so a ports string
                   holding a longer number that embeds ListenPort also matches,
                   and a port range covering ListenPort does not - confirm. */
                (
                    NOT exists local ports string of it
                    OR local ports string of it contains (value "ListenPort" of key "HKLM\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry as string)
                    OR local ports string of it = "*"
                )
                AND
                /* Scope test: either bound to BESRelay.exe without the BESRelay
                   service name, or both application and service name are blank. */
                (
                    ((application name of it ends with "\BESRelay.exe") AND NOT (service name of it = "BESRelay"))
                    OR (regex "^(\s)*$" = application name of it AND regex "^(\s)*$" = service name of it)
                )
                AND enabled of it
                AND protocol of it = udp
                AND inbound of it
                AND profile (current profile type of firewall) of it
            ) of firewall
        )
        OR
        /* 2. Internet connection firewall: an enabled UDP port mapping whose
              internal port equals ListenPort, on any network adapter. */
        (
            exists internet connection firewall whose
            (
                enabled of it
                AND exists port mapping whose
                (
                    enabled of it
                    AND protocol of it = "udp"
                    AND internal port of it as string = (value "ListenPort" of key "HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry) as string
                ) of it
            ) of adapters of network
        )
        OR
        /* 3. Policy rule strings under WindowsFirewall\FirewallRules. Each
              optional field (protocol, lport, app, profile) passes when it is
              absent or when it has the expected value; 17 is the IP protocol
              number for UDP. */
        (
            exist key "HKLM\Software\Policies\Microsoft\WindowsFirewall\FirewallRules" whose
            (
                (
                    exists value whose
                    (
                        it as string as lowercase contains "|action=allow|"
                        AND it as string as lowercase contains "|active=true|"
                        AND it as string as lowercase contains "|dir=in|"
                        AND (it as string as lowercase contains "|protocol=17|" OR NOT (it as string as lowercase contains "|protocol"))
                        AND
                        (
                            it as string as lowercase contains "|lport=" & (value "ListenPort" of key "HKLM\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry as string) & "|"
                            OR NOT (it as string as lowercase contains "|lport=")
                        )
                        AND
                        /* NOTE(review): the BESRelay.exe comparison runs on the
                           un-lowercased value, unlike the other field tests, so a
                           rule that spells the path in another case is not matched. */
                        (
                            NOT ((it as string as lowercase contains "|app="))
                            OR (it as string as lowercase contains "|app=" AND it as string contains "\BESRelay.exe|")
                        )
                        AND
                        (
                            (
                                it as string as lowercase contains "|profile=" &
                                (
                                    if (current profile type of firewall = domain firewall profile type) then "domain|"
                                    else if (current profile type of firewall = public firewall profile type) then "public|"
                                    else if (current profile type of firewall = private firewall profile type) then "private|"
                                    else "INVALID"
                                )
                            )
                            OR NOT (it as string as lowercase contains "|profile")
                        )
                    ) of it
                )
            ) of native registry
        )
        OR
        /* 4. Policy GloballyOpenPorts for the current profile: the key holds a
              value named enabled equal to 1, and its List subkey has a value
              whose name starts with ListenPort followed by a colon and matches
              the UDP enabled pattern.
              NOTE(review): ListenPort is read from x32 registry here and from
              registry elsewhere - confirm both resolve to the same view. */
        (
            (
                (
                    exists key ("HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\" & (if (current profile type of firewall = domain firewall profile type) then "DomainProfile" else "StandardProfile") & "\GloballyOpenPorts") whose
                    (
                        exists value whose ((name of it as lowercase = "enabled") AND (it = 1)) of it
                    ) of it
                )
                AND
                (
                    exists key ("HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\" & (if (current profile type of firewall = domain firewall profile type) then "DomainProfile" else "StandardProfile") & "\GloballyOpenPorts\List") whose
                    (
                        exists value whose
                        (
                            (name of it starts with value "ListenPort" of key "HKLM\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of x32 registry as string & ":")
                            AND (regex "^(\d)+:UDP:(.+)?:enabled:(.+)$" = name of it)
                        ) of it
                    ) of it
                )
            ) of native registry
        )
        OR
        /* 5. Policy AuthorizedApplications for the current profile: the key holds
              a value named enabled equal to 1, and its List subkey has an
              enabled entry whose name matches the BESRelay.exe pattern. This
              source carries no protocol or port test. */
        (
            (
                (
                    exists key ("HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\" & (if (current profile type of firewall = domain firewall profile type) then "DomainProfile" else "StandardProfile") & "\AuthorizedApplications") whose
                    (
                        exists value whose ((name of it as lowercase = "enabled") AND (it = 1)) of it
                    ) of it
                )
                AND
                (
                    exists key ("HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\" & (if (current profile type of firewall = domain firewall profile type) then "DomainProfile" else "StandardProfile") & "\AuthorizedApplications\List") whose
                    (
                        exists value whose ((regex "^(.+)?\\BESRelay.exe:(.+)?:enabled:(.+)$" = name of it)) of it
                    ) of it
                )
            ) of native registry
        )
    )
AND
    /* TCP group: the same five sources as the UDP group that precedes it,
       with the protocol tests switched to TCP (IP protocol number 6). */
    (
        /* 1. Firewall rule objects: enabled, inbound, TCP, current profile. */
        (
            exists rule whose
            (
                /* NOTE(review): contains is a substring test on the ports string,
                   so it neither excludes longer numbers embedding ListenPort nor
                   recognises a range that covers it - confirm. */
                (
                    NOT exists local ports string of it
                    OR local ports string of it contains (value "ListenPort" of key "HKLM\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry as string)
                    OR local ports string of it = "*"
                )
                AND
                /* Bound to BESRelay.exe without the BESRelay service name, or
                   both application and service name blank. */
                (
                    ((application name of it ends with "\BESRelay.exe") AND NOT (service name of it = "BESRelay"))
                    OR (regex "^(\s)*$" = application name of it AND regex "^(\s)*$" = service name of it)
                )
                AND enabled of it
                AND protocol of it = tcp
                AND inbound of it
                AND profile (current profile type of firewall) of it
            ) of firewall
        )
        OR
        /* 2. Internet connection firewall: an enabled TCP port mapping whose
              internal port equals ListenPort, on any network adapter. */
        (
            exists internet connection firewall whose
            (
                enabled of it
                AND exists port mapping whose
                (
                    enabled of it
                    AND protocol of it = "tcp"
                    AND internal port of it as string = (value "ListenPort" of key "HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry) as string
                ) of it
            ) of adapters of network
        )
        OR
        /* 3. Policy rule strings under WindowsFirewall\FirewallRules; each
              optional field passes when absent or when it has the expected value. */
        (
            exist key "HKLM\Software\Policies\Microsoft\WindowsFirewall\FirewallRules" whose
            (
                (
                    exists value whose
                    (
                        it as string as lowercase contains "|action=allow|"
                        AND it as string as lowercase contains "|active=true|"
                        AND it as string as lowercase contains "|dir=in|"
                        AND (it as string as lowercase contains "|protocol=6|" OR NOT (it as string as lowercase contains "|protocol"))
                        AND
                        (
                            it as string as lowercase contains "|lport=" & (value "ListenPort" of key "HKLM\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry as string) & "|"
                            OR NOT (it as string as lowercase contains "|lport=")
                        )
                        AND
                        /* NOTE(review): the BESRelay.exe comparison is case-sensitive
                           while the surrounding field tests lowercase the value. */
                        (
                            NOT ((it as string as lowercase contains "|app="))
                            OR (it as string as lowercase contains "|app=" AND it as string contains "\BESRelay.exe|")
                        )
                        AND
                        (
                            (
                                it as string as lowercase contains "|profile=" &
                                (
                                    if (current profile type of firewall = domain firewall profile type) then "domain|"
                                    else if (current profile type of firewall = public firewall profile type) then "public|"
                                    else if (current profile type of firewall = private firewall profile type) then "private|"
                                    else "INVALID"
                                )
                            )
                            OR NOT (it as string as lowercase contains "|profile")
                        )
                    ) of it
                )
            ) of native registry
        )
        OR
        /* 4. Policy GloballyOpenPorts for the current profile: enabled = 1 on the
              key plus a List entry named ListenPort:TCP:...:enabled:...
              NOTE(review): ListenPort comes from x32 registry here and from
              registry in the other tests - confirm the views agree. */
        (
            (
                (
                    exists key ("HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\" & (if (current profile type of firewall = domain firewall profile type) then "DomainProfile" else "StandardProfile") & "\GloballyOpenPorts") whose
                    (
                        exists value whose ((name of it as lowercase = "enabled") AND (it = 1)) of it
                    ) of it
                )
                AND
                (
                    exists key ("HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\" & (if (current profile type of firewall = domain firewall profile type) then "DomainProfile" else "StandardProfile") & "\GloballyOpenPorts\List") whose
                    (
                        exists value whose
                        (
                            (name of it starts with value "ListenPort" of key "HKLM\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of x32 registry as string & ":")
                            AND (regex "^(\d)+:TCP:(.+)?:enabled:(.+)$" = name of it)
                        ) of it
                    ) of it
                )
            ) of native registry
        )
        OR
        /* 5. Policy AuthorizedApplications for the current profile: enabled = 1 on
              the key plus an enabled List entry for BESRelay.exe. No protocol or
              port is tested for this source. */
        (
            (
                (
                    exists key ("HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\" & (if (current profile type of firewall = domain firewall profile type) then "DomainProfile" else "StandardProfile") & "\AuthorizedApplications") whose
                    (
                        exists value whose ((name of it as lowercase = "enabled") AND (it = 1)) of it
                    ) of it
                )
                AND
                (
                    exists key ("HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\" & (if (current profile type of firewall = domain firewall profile type) then "DomainProfile" else "StandardProfile") & "\AuthorizedApplications\List") whose
                    (
                        exists value whose ((regex "^(.+)?\\BESRelay.exe:(.+)?:enabled:(.+)$" = name of it)) of it
                    ) of it
                )
            ) of native registry
        )
    )
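AND
    /* ICMP group: satisfied either by the policy IcmpSettings value
       AllowInboundEchoRequest = 1 for the current profile, or by an inbound
       allow for BOTH protocol 1 (ICMP) and protocol 58 (ICMPv6).

       Fix: in the two FirewallRules tests the app-field group is now closed
       before the profile group. AND binds tighter than OR, so the previous
       grouping read as: no app field, OR (app is BESRelay.exe AND profile
       matches). A rule string with no app field therefore passed without its
       profile field being tested. The UDP and TCP groups, and the rule-object
       tests in this group, always test the profile. */
    (
        (
            exists key ("HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\" & (if (current profile type of firewall = domain firewall profile type) then "DomainProfile" else "StandardProfile") & "\IcmpSettings") whose
            (
                exists value whose (name of it = "AllowInboundEchoRequest" and it = 1) of it
            ) of native registry
        )
        OR
        (
            /* Protocol 1: a firewall rule object or a policy rule string. */
            (
                (
                    exists rule whose
                    (
                        (
                            enabled of it
                            AND (protocol of it = internet protocol 1)
                            AND inbound of it
                            AND profile (current profile type of firewall) of it
                            AND (regex "^(\s)*$" = application name of it OR application name of it ends with "\BESRelay.exe")
                            AND regex "^(\s)*$" = service name of it
                        )
                    ) of firewall
                )
                OR
                (
                    exist key "HKLM\Software\Policies\Microsoft\WindowsFirewall\FirewallRules" whose
                    (
                        exists value whose
                        (
                            it as string as lowercase contains "|action=allow|"
                            AND it as string as lowercase contains "|active=true|"
                            AND it as string as lowercase contains "|dir=in|"
                            AND (it as string as lowercase contains "|protocol=1|" OR NOT (it as string as lowercase contains "|protocol"))
                            AND
                            /* NOTE(review): the lport test is carried over from the
                               port-based groups; presumably ICMP rule strings have
                               no lport field and take the second arm - confirm. */
                            (
                                it as string as lowercase contains "|lport=" & (value "ListenPort" of key "HKLM\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry as string) & "|"
                                OR NOT (it as string as lowercase contains "|lport=")
                            )
                            AND
                            /* App field absent, or present and naming BESRelay.exe
                               (case-sensitive comparison, as in the original). */
                            (
                                NOT ((it as string as lowercase contains "|app="))
                                OR (if (it as string as lowercase contains "|app=") then (it as string contains "\BESRelay.exe|") else true)
                            )
                            AND
                            /* Profile field absent, or naming the current profile. */
                            (
                                (
                                    it as string as lowercase contains "|profile=" &
                                    (
                                        if (current profile type of firewall = domain firewall profile type) then "domain|"
                                        else if (current profile type of firewall = public firewall profile type) then "public|"
                                        else if (current profile type of firewall = private firewall profile type) then "private|"
                                        else "INVALID"
                                    )
                                )
                                OR NOT (it as string as lowercase contains "|profile")
                            )
                        ) of it
                    ) of native registry
                )
            )
            AND
            /* Protocol 58: the same two sources. */
            (
                (
                    exists rule whose
                    (
                        (
                            enabled of it
                            AND (protocol of it = internet protocol 58)
                            AND inbound of it
                            AND profile (current profile type of firewall) of it
                            AND (regex "^(\s)*$" = application name of it OR application name of it ends with "\BESRelay.exe")
                            AND regex "^(\s)*$" = service name of it
                        )
                    ) of firewall
                )
                OR
                (
                    exist key "HKLM\Software\Policies\Microsoft\WindowsFirewall\FirewallRules" whose
                    (
                        exists value whose
                        (
                            it as string as lowercase contains "|action=allow|"
                            AND it as string as lowercase contains "|active=true|"
                            AND it as string as lowercase contains "|dir=in|"
                            AND (it as string as lowercase contains "|protocol=58|" OR NOT (it as string as lowercase contains "|protocol"))
                            AND
                            (
                                it as string as lowercase contains "|lport=" & (value "ListenPort" of key "HKLM\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry as string) & "|"
                                OR NOT (it as string as lowercase contains "|lport=")
                            )
                            AND
                            (
                                NOT ((it as string as lowercase contains "|app="))
                                OR (if (it as string as lowercase contains "|app=") then (it as string contains "\BESRelay.exe|") else true)
                            )
                            AND
                            (
                                (
                                    it as string as lowercase contains "|profile=" &
                                    (
                                        if (current profile type of firewall = domain firewall profile type) then "domain|"
                                        else if (current profile type of firewall = public firewall profile type) then "public|"
                                        else if (current profile type of firewall = private firewall profile type) then "private|"
                                        else "INVALID"
                                    )
                                )
                                OR NOT (it as string as lowercase contains "|profile")
                            )
                        ) of it
                    ) of native registry
                )
            )
        )
    )
/* Closes the outer NOT ( ... ). */
)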
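/* Compact form of the relay firewall check: true when inbound UDP, TCP or ICMP
   to the BigFix relay has no matching allow entry in the firewall rule objects,
   the internet connection firewall port mappings, or the WindowsFirewall policy
   keys. Line breaks fall only at top-level operators.
   Fix: in the two ICMP FirewallRules tests the app-field group is closed before
   the profile group. AND binds tighter than OR, so previously a rule string with
   no app field passed without its profile field being tested. */
NOT (
/* UDP */
((exists rule whose ((NOT exists local ports string of it OR local ports string of it contains (value "ListenPort" of key "HKLM\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry as string) OR local ports string of it = "*") AND (((application name of it ends with "\BESRelay.exe") AND NOT (service name of it = "BESRelay")) OR (regex "^(\s)*$" = application name of it AND regex "^(\s)*$" = service name of it)) and enabled of it and protocol of it = udp and inbound of it and profile (current profile type of firewall) of it) of firewall)
OR (exists internet connection firewall whose (enabled of it AND exists port mapping whose (enabled of it AND protocol of it = "udp" AND internal port of it as string = (value "ListenPort" of key "HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry) as string) of it) of adapters of network)
OR (exist key "HKLM\Software\Policies\Microsoft\WindowsFirewall\FirewallRules" whose ((exists value whose (it as string as lowercase contains "|action=allow|" and it as string as lowercase contains "|active=true|" AND it as string as lowercase contains "|dir=in|" and (it as string as lowercase contains "|protocol=17|" or NOT (it as string as lowercase contains "|protocol")) AND (it as string as lowercase contains "|lport=" & (value "ListenPort" of key "HKLM\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry as string) & "|" OR not (it as string as lowercase contains "|lport=")) AND (not ((it as string as lowercase contains "|app=")) OR (it as string as lowercase contains "|app=" and it as string contains "\BESRelay.exe|")) AND ((it as string as lowercase contains "|profile=" & (if (current profile type of firewall = domain firewall profile type) then "domain|" else if (current profile type of firewall = public firewall profile type) then "public|" else if (current profile type of firewall = private firewall profile type) then "private|" else "INVALID")) OR not (it as string as lowercase contains "|profile"))) of it)) of native registry)
OR (((exists key ("HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\" & (if (current profile type of firewall = domain firewall profile type) then "DomainProfile" else "StandardProfile") & "\GloballyOpenPorts") whose (exists value whose ((name of it as lowercase = "enabled") AND (it = 1)) of it) of it) AND (exists key ("HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\" & (if (current profile type of firewall = domain firewall profile type) then "DomainProfile" else "StandardProfile") & "\GloballyOpenPorts\List") whose (exists value whose ((name of it starts with value "ListenPort" of key "HKLM\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of x32 registry as string & ":") AND (regex "^(\d)+:UDP:(.+)?:enabled:(.+)$" = name of it)) of it) of it)) of native registry)
OR (((exists key ("HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\" & (if (current profile type of firewall = domain firewall profile type) then "DomainProfile" else "StandardProfile") & "\AuthorizedApplications") whose (exists value whose ((name of it as lowercase = "enabled") AND (it = 1)) of it) of it) AND (exists key ("HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\" & (if (current profile type of firewall = domain firewall profile type) then "DomainProfile" else "StandardProfile") & "\AuthorizedApplications\List") whose (exists value whose ((regex "^(.+)?\\BESRelay.exe:(.+)?:enabled:(.+)$" = name of it)) of it) of it)) of native registry))
AND
/* TCP */
((exists rule whose ((NOT exists local ports string of it OR local ports string of it contains (value "ListenPort" of key "HKLM\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry as string) OR local ports string of it = "*") AND (((application name of it ends with "\BESRelay.exe") AND NOT (service name of it = "BESRelay")) OR (regex "^(\s)*$" = application name of it AND regex "^(\s)*$" = service name of it)) and enabled of it and protocol of it = tcp and inbound of it and profile (current profile type of firewall) of it) of firewall)
OR (exists internet connection firewall whose (enabled of it AND exists port mapping whose (enabled of it AND protocol of it = "tcp" AND internal port of it as string = (value "ListenPort" of key "HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry) as string) of it) of adapters of network)
OR (exist key "HKLM\Software\Policies\Microsoft\WindowsFirewall\FirewallRules" whose ((exists value whose (it as string as lowercase contains "|action=allow|" and it as string as lowercase contains "|active=true|" AND it as string as lowercase contains "|dir=in|" and (it as string as lowercase contains "|protocol=6|" or NOT (it as string as lowercase contains "|protocol")) AND (it as string as lowercase contains "|lport=" & (value "ListenPort" of key "HKLM\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry as string) & "|" OR not (it as string as lowercase contains "|lport=")) AND (not ((it as string as lowercase contains "|app=")) OR (it as string as lowercase contains "|app=" and it as string contains "\BESRelay.exe|")) AND ((it as string as lowercase contains "|profile=" & (if (current profile type of firewall = domain firewall profile type) then "domain|" else if (current profile type of firewall = public firewall profile type) then "public|" else if (current profile type of firewall = private firewall profile type) then "private|" else "INVALID")) OR not (it as string as lowercase contains "|profile"))) of it)) of native registry)
OR (((exists key ("HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\" & (if (current profile type of firewall = domain firewall profile type) then "DomainProfile" else "StandardProfile") & "\GloballyOpenPorts") whose (exists value whose ((name of it as lowercase = "enabled") AND (it = 1)) of it) of it) AND (exists key ("HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\" & (if (current profile type of firewall = domain firewall profile type) then "DomainProfile" else "StandardProfile") & "\GloballyOpenPorts\List") whose (exists value whose ((name of it starts with value "ListenPort" of key "HKLM\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of x32 registry as string & ":") AND (regex "^(\d)+:TCP:(.+)?:enabled:(.+)$" = name of it)) of it) of it)) of native registry)
OR (((exists key ("HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\" & (if (current profile type of firewall = domain firewall profile type) then "DomainProfile" else "StandardProfile") & "\AuthorizedApplications") whose (exists value whose ((name of it as lowercase = "enabled") AND (it = 1)) of it) of it) AND (exists key ("HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\" & (if (current profile type of firewall = domain firewall profile type) then "DomainProfile" else "StandardProfile") & "\AuthorizedApplications\List") whose (exists value whose ((regex "^(.+)?\\BESRelay.exe:(.+)?:enabled:(.+)$" = name of it)) of it) of it)) of native registry))
AND
/* ICMP: policy echo-request setting, or allow entries for both protocol 1 and protocol 58 */
((exists key ("HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\" & (if (current profile type of firewall = domain firewall profile type) then "DomainProfile" else "StandardProfile") & "\IcmpSettings") whose (exists value whose (name of it = "AllowInboundEchoRequest" and it = 1) of it) of native registry)
OR (((exists rule whose ((enabled of it and (protocol of it = internet protocol 1) and inbound of it and profile (current profile type of firewall) of it and (regex "^(\s)*$" = application name of it OR application name of it ends with "\BESRelay.exe") AND regex "^(\s)*$" = service name of it)) of firewall)
OR (exist key "HKLM\Software\Policies\Microsoft\WindowsFirewall\FirewallRules" whose (exists value whose (it as string as lowercase contains "|action=allow|" and it as string as lowercase contains "|active=true|" AND it as string as lowercase contains "|dir=in|" and (it as string as lowercase contains "|protocol=1|" or NOT (it as string as lowercase contains "|protocol")) AND (it as string as lowercase contains "|lport=" & (value "ListenPort" of key "HKLM\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry as string) & "|" OR not (it as string as lowercase contains "|lport=")) AND (not ((it as string as lowercase contains "|app=")) OR (if (it as string as lowercase contains "|app=") then (it as string contains "\BESRelay.exe|") else true)) AND ((it as string as lowercase contains "|profile=" & (if (current profile type of firewall = domain firewall profile type) then "domain|" else if (current profile type of firewall = public firewall profile type) then "public|" else if (current profile type of firewall = private firewall profile type) then "private|" else "INVALID")) OR not (it as string as lowercase contains "|profile"))) of it) of native registry))
AND ((exists rule whose ((enabled of it and (protocol of it = internet protocol 58) and inbound of it and profile (current profile type of firewall) of it and (regex "^(\s)*$" = application name of it OR application name of it ends with "\BESRelay.exe") AND regex "^(\s)*$" = service name of it)) of firewall)
OR (exist key "HKLM\Software\Policies\Microsoft\WindowsFirewall\FirewallRules" whose (exists value whose (it as string as lowercase contains "|action=allow|" and it as string as lowercase contains "|active=true|" AND it as string as lowercase contains "|dir=in|" and (it as string as lowercase contains "|protocol=58|" or NOT (it as string as lowercase contains "|protocol")) AND (it as string as lowercase contains "|lport=" & (value "ListenPort" of key "HKLM\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry as string) & "|" OR not (it as string as lowercase contains "|lport=")) AND (not ((it as string as lowercase contains "|app=")) OR (if (it as string as lowercase contains "|app=") then (it as string contains "\BESRelay.exe|") else true)) AND ((it as string as lowercase contains "|profile=" & (if (current profile type of firewall = domain firewall profile type) then "domain|" else if (current profile type of firewall = public firewall profile type) then "public|" else if (current profile type of firewall = private firewall profile type) then "private|" else "INVALID")) OR not (it as string as lowercase contains "|profile"))) of it) of native registry))))
)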