private void MyFireWall_OnDiskManipulation(object sender, DiskManipulationEventArgs e)
 {
     foreach (var item in e.Violation.Talking)
     {
         if (item.tcpRecord.Scope == Walter.Net.Networking.CommunicationScopes.WAN)
         {
             (this as IFireWall).SendEmail(EMailRoles.SecurityRelevant
                                         , "A file change with external communication was detected"
                                         , MakeEmailBody(item.tcpRecord.Scope,e.Violation.ExecutingBinary, item.tcpRecord.RemoteAddress)
                                         , true);
         }
         else
         {
             (this as IFireWall).SendEmail(EMailRoles.SecurityRelevant
                                         , "A file change with internal communication was detected"
                                         , MakeEmailBody(item.tcpRecord.Scope,e.Violation.ExecutingBinary, item.tcpRecord.RemoteAddress)
                                         , true);
            
         }
     }
     e.Action = ApplicationCompromisedActions.ShutDown | ApplicationCompromisedActions.PersistOnReboot;
 }
            
 private string MakeEmailBody(Walter.Net.Networking.CommunicationScopes scope,string executingBinary, IPAddress remoteAddress)
 {
    private string MakeEmailBody(Walter.Net.Networking.CommunicationScope scope,string executingBinary, IPAddress remoteAddress)
    {
        if (scope == Walter.Net.Networking.CommunicationScopes.WAN)
        {
            var map = _geo.QueryMapLocation(remoteAddress);
            var whois = Whois(remoteAddress);
            return @"
            
                We have detected a disk change by {ApplicationPath} from IP address: {IPAddress}
            
                While capturing the issue we recorded the IP coming from {City} - {Country} google maps linkThe IP address is managed by :
                {WhoIs}
            
             ".Replace("{ApplicationPath}", executingBinary, StringComparison.OrdinalIgnoreCase)
                .Replace("{IPAddress}", remoteAddress.ToString(), StringComparison.OrdinalIgnoreCase)
                .Replace("{City}", map.City, StringComparison.OrdinalIgnoreCase)
                .Replace("{Country}", map.Country, StringComparison.OrdinalIgnoreCase)
                .Replace("{Link}", map.GoogleMapLocation().AbsoluteUri, StringComparison.OrdinalIgnoreCase)
                .Replace("{WhoIs}", whois.ToHtml(), StringComparison.OrdinalIgnoreCase);
        }
            
        return  @" We have detected a disk change by {ApplicationPath} from IP address: {IPAddress}-{scope}"
                   .Replace("{ApplicationPath}", executingBinary, StringComparison.OrdinalIgnoreCase)
                   .Replace("{IPAddress}", remoteAddress.ToString(), StringComparison.OrdinalIgnoreCase)
                   .Replace("{Scope}",scope.ToString(),StringComparison.OrdinalIgnoreCase);
     }
   }
}