Symantec Endpoint Protection does not detect network applications if Base Filtering Engine service is stopped
| Article:TECH161309 | | | Created: 2011-05-31 | | | Updated: 2011-06-28 | | | Article URL http://www.symantec.com/docs/TECH161309 |
Problem
Symantec Endpoint Protection does not detect network applications if Base Filtering Engine service is stopped
Error
Various Endpoint Protection firewall features may not work as expected: traffic from network applications is not detected. Configured prompts and actions (block/allow application traffic, or ask user) do not occur. Intrusion Prevention will not log suspicious traffic.
Cause
This will happen if the Windows Base Filtering Engine service is stopped.
The Base Filtering Engine (BFE) is a Microsoft service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.
Solution
Ensure that the Windows Base Filtering Engine service is running, then continue troubleshooting.
|
|
| Source | ETrack |
| Value | 2321633 |
| Description | SEP can't detect some network applications. |
| Source | ETrack |
| Value | 2321706 |
| Description | SEP is not detecting network IPS attack |
Article URL http://www.symantec.com/docs/TECH161309
Terms of use for this information are found in Legal Notices
Thank you.