I am working on doing a check for Firewalls. The following code quite easily checks the status of the default Windows Firewall:
INetFwMgr manager = GetFireWallManager();
bool isFirewallEnabled = manager.LocalPolicy.CurrentProfile.FirewallEnabled;
if (isFirewallEnabled == false)
{
Console.WriteLine("Firewall is not enabled.");
}
else
{
Consoe.WriteLine("Firewall is enabled.");
}
Console.ReadLine();
private static INetFwMgr GetFireWallManager()
{
Type objectType = Type.GetTypeFromCLSID(new Guid(firewallGuid));
return Activator.CreateInstance(objectType) as INetFwMgr;
}
The question then becomes: How do I find the status of a non-Windows Firewall? If the Firewall is properly integrated, will the above check work just the same or is there a better method for doing this? I have checked this post: C# Windows Security Center Settings and this post: C# - How to chceck if external firewall is enabled? but both proved relatively unhelpful.
I have been looking into the WMI API but it is pretty confusing so far, and the documentation via MSDN hasn't been too promising. I have also tried messing around with SelectQuery but so far I have been unsuccessful. Can anyone assist me in a new starting point or to where I might be able to find better documentation/instructions concerning 3rd Party Firewalls?
EDIT: Currently I am exploring further into WMI, specifically the class FirewallProduct
as suggested by a post.
UPDATE 2: I have been testing the following snippet:
string wmiNameSpace = "SecurityCenter2";
ManagementScope scope;
scope = new ManagementScope(String.Format("\\\\{0}\\root\\{1}", "localhost", wmiNameSpace), null);
scope.Connect();
ObjectQuery query = new ObjectQuery("SELECT * FROM FirewallProduct");
ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query);
But running this results in the following error:
Exception Invalid namespace
and it points to line 39 (scope.Connect()
). I would not be at all surprised if I have simply missed a parameter or formatted something improperly, I just don't know what it is.
UPDATE 3 Switching from SecurityCenter2
to SecurityCenter
still yields the same invalid namespace
error.
UPDATE 4 I moved the console app over to a different box (win7 not winserver08r2) and it properly reported back as expected. So it may be an issue with the VM that I currently have been testing on. Next step is to parse out active/inactive status
UPDATE 5 It was tested on another Server08 box and the same invalid namespace
error appears. Using SecurityCenter
instead of SecurityCenter2
does not resolve the issue. Is there some underlying security feature Windows Server OS's use to prevent tampering with Firewalls, or do Server OS's not come with a specific key set of WMI features?