exists key
(
if
(
exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall" of registry
)
then
(
"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\"
)
else
(
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\"
)
&
(
if
(
current profile type of firewall = domain firewall profile type
)
then
(
"DomainProfile"
)
else
(
"StandardProfile"
)
)
)
whose
(
value "DoNotAllowExceptions" of it = 1
)
of registry OR
(
(
not exists globally open port whose
(
enabled of it AND port of it as string =
(
value "ListenPort" of key "HKLM\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry as string
)
AND protocol of it = tcp
)
of current profile of local policy of firewall
)
AND
(
exists internet connection firewall whose
(
enabled of it AND
(
not exists port mapping whose
(
enabled of it AND protocol of it = "tcp" AND internal port of it as string =
(
value "ListenPort" of key "HKLM\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry as string
)
)
of it
)
)
of adapters of network
)
AND
(
not exists authorized application whose
(
enabled of it AND
(
it ends with "besrelay.exe" OR it ends with "filldb.exe"
)
of
(
process image file name of it as lowercase
)
)
of current profile of local policy of firewall
)
)
OR
(
(
not exists globally open port whose
(
enabled of it AND port of it as string =
(
value "ListenPort" of key "HKLM\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry as string
)
AND protocol of it = udp
)
of current profile of local policy of firewall
)
AND
(
exists internet connection firewall whose
(
enabled of it AND
(
not exists port mapping whose
(
enabled of it AND protocol of it = "udp" AND internal port of it as string =
(
value "ListenPort" of key "HKLM\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry as string
)
)
of it
)
)
of adapters of network
)
AND
(
not exists authorized application whose
(
enabled of it AND
(
it ends with "besclient.exe"
)
of
(
process image file name of it as lowercase
)
)
of current profile of local policy of firewall
)
)
exists key (if (exists key "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall" of registry) then ("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\") else ("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\") & (if (current profile type of firewall = domain firewall profile type) then ("DomainProfile") else ("StandardProfile"))) whose (value "DoNotAllowExceptions" of it = 1) of registry OR ((not exists globally open port whose (enabled of it AND port of it as string = (value "ListenPort" of key "HKLM\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry as string) AND protocol of it = tcp) of current profile of local policy of firewall) AND (exists internet connection firewall whose (enabled of it AND (not exists port mapping whose (enabled of it AND protocol of it = "tcp" AND internal port of it as string = (value "ListenPort" of key "HKLM\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry as string)) of it)) of adapters of network) AND (not exists authorized application whose (enabled of it AND (it ends with "besrelay.exe" OR it ends with "filldb.exe") of (process image file name of it as lowercase)) of current profile of local policy of firewall)) OR ((not exists globally open port whose (enabled of it AND port of it as string = (value "ListenPort" of key "HKLM\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry as string) AND protocol of it = udp) of current profile of local policy of firewall) AND (exists internet connection firewall whose (enabled of it AND (not exists port mapping whose (enabled of it AND protocol of it = "udp" AND internal port of it as string = (value "ListenPort" of key "HKLM\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry as string)) of it)) of adapters of network) AND (not exists authorized application whose (enabled of it AND (it ends with "besclient.exe") of (process image file name of it as lowercase)) of current profile of local policy of firewall))