Video Screencast Help
Symantec Connect login will not be available from 7am-1pm PT, Saturday April 12th, estimated. During that time, you will not be able to log in or engage in any activity on the site such as posting, commenting, or voting. You can still view and search content. Sorry for the inconvenience.

Windows 7 Firewall indicate that "These Settings are being managed by vendor application Symantec Endpoint Protection", even when Symantec Endpoint Protection (SEP) 11.0 Network Threat Protection (NTP) is not installed.

Created: 09 Mar 2011 • Updated: 12 May 2011 | 11 comments
Language Translations
Mithun Sanghavi's picture
+10 10 Votes
Login to vote

Problem

You install Symantec Endpoint Protection 11.0 without Network Threat Protection on a Windows 7 machine.

Windows 7 Firewall indicate that "These Settings are being managed by vendor application Symantec Endpoint Protection, even when Symantec Endpoint Protection (SEP) 11.0 Network Threat Protection (NTP) is not installed.

In the Windows 7 Firewall, Domain networks shows "Connected" with a Red "X", Home or Work (private) networks shows "Not Connected" with a Red "X" and Public networks shows "Connected" with a Red "X". even though Symantec Endpoint Protection Network Threat Protection is not installed.

 

 

 

You notice that on the Advanced settings screens of the Windows Firewall Control Panel indicates that the Windows Firewall is "On"

This behavior differs from that in XP, as in XP the Windows firewall is explicitly off.

 

ERROR

 "These Settings are being managed by vendor application Symantec Endpoint Protection".

 

Cause of the this Error:  

The behavior of Windows 7 in regards to 3rd party firewalls (such as SEP) differs slightly than previous versions of Windows. In Windows 7, Microsoft changed Security Center to Action Center. In Action Center, a more universal interface was created for protection technology (Firewall, Antivirus, etc). Windows Firewall is indeed turned off when SEP NTP is enabled, indicated by the Installed Firewall list, as well as the General Firewall status section indicating that firewall rules are being managed by SEP. To verify the true Windows Firewall status: Open Action Center -> Expand "Security". Find line item "Network Firewall On". Below is a link "View installed firewall programs": Symantec Endpoint Protection is listed as installed and On, Windows firewall is listed as installed and Off

 

Solution  

This is expected behavior, and both SEP 11.0 and the Windows 7 firewall are working as intended.

However, incase you would like to change the settings, then perform the steps given below:

1) Create a New Group specifically for "Windows 7" machines in the Symantec Endpoint Protection Manager 11

2) Move all the Windows 7 Machines from their Respective groups to the group created specifically for "Windows 7" machines.

3) Once all the above steps are completed, Go to the Policies Tab for the specifically "Windows 7" machines.

4) Open the "Firewall Policy" and Click on "Create Non-shared from Copy"

5) Uncheck the Box that states "Enable this policy" and Click on "OK" button.

 

 

You will see the Firewall Policy gets grayed out. (as shown below)

 

 

 

6) Click on Tasks next to Firewall Policy [non-shared] and click on "Withdraw Policy" and then Click on "Yes".

 

 

7) You will see the Firewall Policy completely removed from the Policies TAB of the "Windows 7" group.

 

Once completed with the above steps, within sometime we will see the Windows 7 Firewall Settings will be with Green Check and the Message ""These Settings are being managed by vendor application Symantec Endpoint Protection" disappear.

 

 

Comments 11 CommentsJump to latest comment

RhoSysAdmin's picture

I tried these exact steps on a Windows 7 computer and they did not work.  I'm running 11.0.5002.333.  Has anyone else had similar troubles?

KH

+1
Login to vote
Raul B.'s picture

I have found that the same procedure described here works on a Windows Server 2008 R2 64 bits. This article provided me the last step I didn't discovered by myself, that is to withdraw the policy, not technically needed for the solution, but cleaner :-)

Thanks.

+1
Login to vote
johnnyh's picture

I have removed the firewall policy in my client group.

Still got this on my client - https://www-secure.symantec.com/connect/imagebrows...

I followed the guide above...

 

We are running sep v 11.0.5002.333.

 

Any ideas?

0
Login to vote
Mithun Sanghavi's picture

Hello,

You are carrying a older version of SEP (11.0.5002), it is advised to migrate to the Latest version of SEP 11.0.7101 (SEP RU7 MP1).

Check this Article to find how Old version are you carrying:

What are the Symantec Endpoint Protection (SEP) versions released officially?

https://www-secure.symantec.com/connect/articles/what-are-symantec-endpoint-protection-sep-versions-released-officialy

It is important to maintain consitency in the SEP 11 - check article below:

About Maintaining Consistency of Software Versions throughout a SEP 11 Organization

http://www.symantec.com/docs/TECH131660

Migrating to Symantec Endpoint Protection 11.0.7101 (RU7 MP1)

http://www.symantec.com/docs/TECH171552

Reason for Migration: 

Release notes for Endpoint Protection and Network Access Control 11

http://www.symantec.com/docs/TECH103087

 

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

0
Login to vote