Symantec Endpoint Protection does not detect network applications if Base Filtering Engine service is stopped

Article:TECH161309  |  Created: 2011-05-31  |  Updated: 2011-06-28  |  Article URL http://www.symantec.com/docs/TECH161309
Article Type
Technical Solution


Issue



Symantec Endpoint Protection does not detect network applications if Base Filtering Engine service is stopped


Error



Various Endpoint Protection firewall features may not work as expected: traffic from network applications is not detected. Configured prompts and actions (block/allow application traffic, or ask user) do not occur. Intrusion Prevention will not log suspicious traffic.


Cause



This will happen if the Windows Base Filtering Engine service is stopped.

The Base Filtering Engine (BFE) is a Microsoft service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.

 


Solution



Ensure that the Windows Base Filtering Engine service is running, then continue troubleshooting.
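One way to perform this check from an elevated PowerShell prompt is shown below. This is an added example, not part of the original Symantec article; the function name Test-BfeService and its -Start switch are hypothetical, and it assumes PowerShell 3.0 or later for Get-CimInstance.

```powershell
# Added example: verify the Base Filtering Engine (service name "BFE") before
# continuing firewall troubleshooting. Run from an elevated prompt.
function Test-BfeService {
    [CmdletBinding()]
    param(
        [switch]$Start   # hypothetical switch: try to start BFE when it is stopped
    )

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='BFE'"
    if (-not $svc) {
        Write-Warning 'BFE service is not registered on this system.'
        return $false
    }

    # State is Running/Stopped/...; StartMode is Auto/Manual/Disabled.
    Write-Host ("BFE state: {0}, start mode: {1}" -f $svc.State, $svc.StartMode)

    # Services that depend on BFE are affected whenever it is down.
    Get-Service -Name BFE -DependentServices |
        Format-Table Name, DisplayName, Status -AutoSize | Out-Host

    if ($svc.State -eq 'Running') { return $true }

    if ($svc.StartMode -eq 'Disabled') {
        Write-Warning 'BFE is disabled; it cannot start until its startup type is changed.'
        return $false
    }

    if ($Start) {
        try {
            Start-Service -Name BFE -ErrorAction Stop
            # WaitForStatus throws on timeout, which the catch block reports.
            (Get-Service -Name BFE).WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
            Write-Host 'BFE started.'
            return $true
        } catch {
            Write-Warning "Could not start BFE: $($_.Exception.Message)"
        }
    }
    return $false
}

Test-BfeService -Start
```

A return value of $false with start mode Disabled means the service was deliberately or accidentally turned off, and that should be investigated before re-enabling it.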
 


Supplemental Materials

Source: ETrack
Value: 2321633
Description: SEP can't detect some network applications.

Source: ETrack
Value: 2321706
Description: SEP is not detecting network IPS attack


