Walter.Web.FireWall
FireWallDiskManipulationEventArgs Class
Members  Example 
Walter.Web.FireWall Assembly > Walter.Web.FireWall.EventArguments Namespace : FireWallDiskManipulationEventArgs Class
Event arguments raised by the firewall when disk manipulations has been discovered
Object Model
FireWallDiskManipulationEventArgs ClassFireWallDiskViolation Class
Syntax
public class FireWallDiskManipulationEventArgs : Walter.IO.EventArguments.DiskManipulationEventArgs 
Remarks
This argument allows you to perform a choice of actions the firewall will do for all future requests
Example
The following code shows how to use the firewall to send an mail (if mail add-on installed) when a change on disk is detected by a application that is actually communicating via the network. This could be RemoteDesktop WinVCM or TeamViewer, Telnet, FTP etc.
private void MyFireWall_OnDiskManipulation(object sender, DiskManipulationEventArgs e)
 {
     foreach (var item in e.Violation.Talking)
     {
         if (item.tcpRecord.Scope == Walter.Net.Networking.CommunicationScopes.WAN)
         {
             (this as IFireWall).SendEmail(EMailRoles.SecurityRelevant
                                         , "A file change with external communication was detected"
                                         , MakeEmailBody(item.tcpRecord.Scope,e.Violation.ExecutingBinary, item.tcpRecord.RemoteAddress)
                                         , true);
         }
         else
         { 
             (this as IFireWall).SendEmail(EMailRoles.SecurityRelevant
                                         , "A file change with internal communication was detected"
                                         , MakeEmailBody(item.tcpRecord.Scope,e.Violation.ExecutingBinary, item.tcpRecord.RemoteAddress)
                                         , true);
            
         }
     }
     e.Action = ApplicationCompromisedActions.ShutDown | ApplicationCompromisedActions.PersistOnReboot;
 }
            
 private string MakeEmailBody(Walter.Net.Networking.CommunicationScopes scope,string executingBinary, IPAddress remoteAddress)
 {
    private string MakeEmailBody(Walter.Net.Networking.CommunicationScope scope,string executingBinary, IPAddress remoteAddress)
    {
        if (scope == Walter.Net.Networking.CommunicationScopes.WAN)
        {       
            var map = _geo.QueryMapLocation(remoteAddress); 
            var whois = Whois(remoteAddress);
            return @"
            
                We have detected a disk change by {ApplicationPath} from IP address: {IPAddress}
            
                While capturing the issue we recorded the IP coming from {City} - {Country} google maps linkThe IP address is managed by :
                {WhoIs}
            
             ".Replace("{ApplicationPath}", executingBinary, StringComparison.OrdinalIgnoreCase)
                .Replace("{IPAddress}", remoteAddress.ToString(), StringComparison.OrdinalIgnoreCase)
                .Replace("{City}", map.City, StringComparison.OrdinalIgnoreCase)
                .Replace("{Country}", map.Country, StringComparison.OrdinalIgnoreCase)
                .Replace("{Link}", map.GoogleMapLocation().AbsoluteUri, StringComparison.OrdinalIgnoreCase)
                .Replace("{WhoIs}", whois.ToHtml(), StringComparison.OrdinalIgnoreCase);
        }
        
        return  @" We have detected a disk change by {ApplicationPath} from IP address: {IPAddress}-{scope}"
                   .Replace("{ApplicationPath}", executingBinary, StringComparison.OrdinalIgnoreCase)
                   .Replace("{IPAddress}", remoteAddress.ToString(), StringComparison.OrdinalIgnoreCase)
                   .Replace("{Scope}",scope.ToString(),StringComparison.OrdinalIgnoreCase);
     }
   }
}
Inheritance Hierarchy

System.Object
   System.EventArgs
      Walter.IO.EventArguments.DiskManipulationEventArgs
         Walter.Web.FireWall.EventArguments.FireWallDiskManipulationEventArgs

Requirements

Target Platforms: Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2

See Also

Reference

FireWallDiskManipulationEventArgs Members
Walter.Web.FireWall.EventArguments Namespace
IDiskGuard Interface