3.2.1 Abstract Data Model

The following is a state diagram for the WSHA:

Figure 3: WSHA state

  • If the WSHA is running but the WSHV is not running (or is not applied to an NPS policy), the WSHA will send its payload in the SoH, but the NPS server will ignore it. This is handled by the [TNC-IF-TNCCSPBSoH] protocol and does not involve the Windows Security Health Agent (WSHA) and Windows Security Health Validator (WSHV) Protocol [MS-WSH].

  • The WSHA is stateless, so when it sends an SoH, it does not actively wait for an SoHR. If the client sends an SoH, the client will not send a new SoH unless the security health status changes or a new SoH is requested by the NAP agent.

ADM elements are defined for the WSHA as follows:

FirewallStatus: This ADM element stores the WSC status for firewall as described in section 2.2.9.2.

The definition of this ADM element is as follows.

 DWORD FirewallStatus;

NumberOfFirewallProducts: This ADM element stores the number of firewall products that are installed in the system.

The definition of this ADM element is as follows.

 DWORD NumberOfFirewallProducts;

FirewallProductsInformation: This ADM element describes all firewall products that are installed in the system.

The definition of this ADM element is as follows.

 ProductInformation[] FirewallProductsInformation;

The ProductInformation data type is defined in section 2.2.15.1.

AntivirusStatus: This ADM element stores the WSC status for antivirus as described in section 2.2.9.2.

The definition of this ADM element is as follows.

 DWORD AntivirusStatus;

NumberOfAntivirusProducts: This ADM element stores the number of antivirus products that are installed in the system.

The definition of this ADM element is as follows.

 DWORD NumberOfAntivirusProducts;

AntivirusProductsInformation: This ADM element describes all antivirus products that are installed in the system.

The definition of this ADM element is as follows.

 ProductInformation[] AntivirusProductsInformation;

The ProductInformation data type is defined in section 2.2.15.1.

AntispywareStatus: This ADM element stores the WSC status for antispyware as described in section 2.2.9.2.

The definition of this ADM element is as follows.

 DWORD AntispywareStatus;

NumberOfAntispywareProducts: This ADM element stores the number of antispyware products that are installed on the client.

The definition of this ADM element is as follows.

 DWORD NumberOfAntispywareProducts;

AntispywareProductsInformation: This ADM element describes all antispyware products that are installed in the system.

The definition of this ADM element is as follows.

 ProductInformation[] AntispywareProductsInformation;

The ProductInformation data type is defined in section 2.2.15.1.

AutomaticUpdatesStatusCode: This ADM element describes the status of the automatic updates feature of Windows Security Center (WSC).

The definition of this ADM element is as follows.

 DWORD AutomaticUpdatesStatusCode;

Refer to section 2.2.9.5 for information about possible values for this ADM element.

SUStatus: This ADM element describes the status of software updates.

The definition of this ADM element is as follows.

 SecurityUpdatesStatus SUStatus;

The SecurityUpdatesStatus data type is defined in section 2.2.15.2.

This ADM element is initialized by calling the abstract interface GetSecurityUpdatesStatus, described in section 3.2.4.10.

SohFlag: This ADM element holds the value of the Flag as described in section 2.2.5.

The definition of this ADM element is as follows.

 DWORD SohFlag[2];

ClientVersion: This ADM element holds the value of the Version as described in section 2.2.6.

The definition of this ADM element is as follows.

 DWORD ClientVersion[2];
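
The following C sketch is an added example, not code from the specification. It models the DWORD-typed ADM elements above and the rule that a new SoH is sent only when the security health status changes or the NAP agent requests one. The names WshaAdm, SohTracker, SohDecision, health_equal and wsha_next_soh are hypothetical, and treating a missing earlier snapshot as a change is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>

typedef uint32_t DWORD;

/* DWORD-typed ADM elements from this section. The ProductInformation[] arrays
 * and SUStatus use types defined in other sections and are omitted here. */
typedef struct {
    DWORD FirewallStatus, NumberOfFirewallProducts;
    DWORD AntivirusStatus, NumberOfAntivirusProducts;
    DWORD AntispywareStatus, NumberOfAntispywareProducts;
    DWORD AutomaticUpdatesStatusCode;
    DWORD SohFlag[2];
    DWORD ClientVersion[2];
} WshaAdm;

/* Hypothetical helper state: the last snapshot reported, kept only to detect
 * a change. No SoHR is awaited, matching the stateless behavior above. */
typedef struct {
    bool have_last;
    WshaAdm last_sent;
} SohTracker;

typedef enum { SOH_SKIP, SOH_SEND_CHANGED, SOH_SEND_REQUESTED } SohDecision;

/* Assumption: "security health status" means the status, count and
 * automatic-updates elements; SohFlag and ClientVersion are not compared. */
static bool health_equal(const WshaAdm *a, const WshaAdm *b)
{
    return a->FirewallStatus == b->FirewallStatus
        && a->NumberOfFirewallProducts == b->NumberOfFirewallProducts
        && a->AntivirusStatus == b->AntivirusStatus
        && a->NumberOfAntivirusProducts == b->NumberOfAntivirusProducts
        && a->AntispywareStatus == b->AntispywareStatus
        && a->NumberOfAntispywareProducts == b->NumberOfAntispywareProducts
        && a->AutomaticUpdatesStatusCode == b->AutomaticUpdatesStatusCode;
}

/* Decide whether a new SoH goes out for the current ADM snapshot. */
SohDecision wsha_next_soh(SohTracker *t, const WshaAdm *cur, bool nap_requested)
{
    bool changed = !t->have_last || !health_equal(&t->last_sent, cur);
    if (!changed && !nap_requested)
        return SOH_SKIP;            /* nothing new to report */
    t->last_sent = *cur;            /* remember what was reported */
    t->have_last = true;
    return nap_requested ? SOH_SEND_REQUESTED : SOH_SEND_CHANGED;
}
```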