4 Protocol Example

The Windows Security Health Agent (WSHA) and Windows Security Health Validator (WSHV) Protocol is a simple protocol with a single exchange. The party seeking access to a network resource sends the SoH, and then receives a SoHR. For a given compliance code for a given security health class, there is a set of responses that the server can return based on the defined policy.

For example:

  1. A policy requires the client to have antivirus software enabled with up-to-date virus definitions.

  2. The client reports in the SoH that the antivirus application is enabled, but the definitions are out-of-date.

  3. The WSHV makes the determination that the client is out of compliance, and then returns the appropriate error code in the SoHR.

  4. The client receives the SoHR, and then places itself in quarantine.

  5. After the virus definitions are updated, a new SoH is sent showing that the client is in compliance with policy.

  6. The WSHV returns an S_OK in the SoHR, and then the client is taken out of quarantine.
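
The six steps above as a small Python model, added here as an illustration and not taken from the protocol specification. The class and field names and the two non-compliance labels are assumptions (the page names only S_OK), and no wire encoding is modelled.

```python
from dataclasses import dataclass

S_OK = 0  # success result named on the page
# Placeholder labels: the page gives no values for non-compliance codes.
E_AV_DISABLED = "PLACEHOLDER_AV_DISABLED"
E_AV_OUT_OF_DATE = "PLACEHOLDER_AV_DEFINITIONS_OUT_OF_DATE"


@dataclass(frozen=True)
class SoH:
    """Client-reported health for the antivirus class (modelled fields)."""
    av_enabled: bool
    av_up_to_date: bool


@dataclass(frozen=True)
class Policy:
    require_av_enabled: bool = True
    require_av_up_to_date: bool = True


def wshv_validate(policy: Policy, soh: SoH) -> dict:
    """Server side: map the reported state to one result per health class."""
    if policy.require_av_enabled and not soh.av_enabled:
        return {"antivirus": E_AV_DISABLED}
    if policy.require_av_up_to_date and not soh.av_up_to_date:
        return {"antivirus": E_AV_OUT_OF_DATE}
    return {"antivirus": S_OK}


class Client:
    def __init__(self, av_enabled: bool, av_up_to_date: bool):
        self.av_enabled = av_enabled
        self.av_up_to_date = av_up_to_date
        self.quarantined = False

    def build_soh(self) -> SoH:
        return SoH(self.av_enabled, self.av_up_to_date)

    def handle_sohr(self, sohr: dict) -> None:
        # Any class result other than S_OK places or keeps the client in quarantine.
        self.quarantined = any(code != S_OK for code in sohr.values())


def run_example() -> list:
    """Replay steps 1-6; return (result, quarantined) after each exchange."""
    policy, client, trace = Policy(), Client(True, False), []
    for _ in range(2):
        sohr = wshv_validate(policy, client.build_soh())
        client.handle_sohr(sohr)
        trace.append((sohr["antivirus"], client.quarantined))
        client.av_up_to_date = True  # step 5: definitions are updated
    return trace
```

The validator's result depends only on the state the client reports and on the policy, so the same SoH can produce different SoHR results under different policies.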