Alert if the firewall is disabled on the endpoint (CUSTOM SCRIPT)

This script monitors the firewall status and generates an alert whenever the firewall is disabled on the endpoint.

Note:
If Comodo Client Security is installed on your machine and the firewall option has been disabled in Client Security, the alert will also be generated.



import os 
import sys 
import _winreg 

def alert(arg):
    """Signal the monitor state by writing *arg* three times to stderr.

    Per the template comments below, ``alert(1)`` turns the monitor on
    (triggers an alert) and ``alert(0)`` turns it off.
    """
    # Same integer repeated for all three %d fields, e.g. "111" or "000".
    triple = (arg,) * 3
    sys.stderr.write("%d%d%d" % triple)

# Please use "alert(1)" to turn on the monitor(trigger an alert) 
# Please use "alert(0)" to turn off the monitor(disable an alert) 
# Please do not change above block and write your script below 

import os
import ctypes 
class disable_file_system_redirection:
    """Context manager wrapping the kernel32 WOW64 redirection switches.

    Entering calls Wow64DisableWow64FsRedirection; leaving calls
    Wow64RevertWow64FsRedirection, but only when the disable call reported
    success.
    """
    # kernel32 entry points, resolved once when the class body executes.
    _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
    _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection

    def __enter__(self):
        # Receives the previous redirection value so __exit__ can hand it back.
        saved = ctypes.c_long()
        self.old_value = saved
        self.success = self._disable(ctypes.byref(saved))

    def __exit__(self, type, value, traceback):
        # Nothing to undo if redirection was never switched off.
        if not self.success:
            return
        self._revert(self.old_value)
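with disable_file_system_redirection():
    def firewall():
        """Check the Windows Firewall profiles and raise or clear the alert.

        Runs ``Netsh Advfirewall show allprofiles`` and looks for the text
        "OFF" in its output. Any matching line is reported as
        "Firewall disabled" with ``alert(1)``; no matching line is reported
        as "Firewall enabled" with ``alert(0)``. If the command produces no
        output at all, the state is unknown and the monitor alerts rather
        than reporting the firewall as enabled.
        """
        # NOTE(review): "Netsh" is resolved through the shell's search path
        # by os.popen; pinning the absolute path of netsh.exe under the
        # system directory would remove that dependency - confirm for the
        # account this monitor runs under.
        current_status = os.popen('Netsh Advfirewall show allprofiles').read()
        lines = [line.strip() for line in current_status.splitlines()]

        # Fail closed: an empty result means the check itself did not run,
        # which must not be read as "no profile is OFF".
        if not any(lines):
            print("Unable to read firewall status")
            alert(1)
            return

        # NOTE(review): the match is case-sensitive and assumes English
        # netsh output - TODO confirm on localized systems.
        status_verify = [line for line in lines if "OFF" in line]

        # Branch on the list itself; the loop variable the original tested
        # was undefined whenever no line matched, so the "enabled" path
        # could never be reached.
        if status_verify:
            print("Firewall disabled")
            alert(1)
        else:
            print("Firewall enabled")
            alert(0)

    firewall()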



OUTPUT:

20170525-Alert_If_Firewall_Disabled.json (1.94 KB)