Endpoint Protection Small Business Edition

We are using the cloud-based Symantec Endpoint Protection, purchased in a bundle from Pax8 with the Symantec MessageLabs spam filter service. We are attempting to install a document management app (for scanned and computer-generated documents) called DocsTools, developed by DISC, a local developer in Little Rock, AR.

Our machines are inconsistent in allowing the install. Sometimes, the program installs and executes without incident.  Other times, SEP deletes the DocsTools.EXE file as soon as it is installed, but we are able to restore it from the quarantine and run it. Other times, the firewall warning window pops up and gives us the option to block the program or allow it to run. But sometimes, the SEP firewall simply blocks the program from communicating to its server component and doesn’t give us the option to allow it to run.

I’m trying to find where in the SEP Small Business Edition Cloud Console I can either add this program to a whitelist of programs that should always be able to run, or even turn off the SONAR firewall (and go back to using Windows 7’s native firewall, which we can manage via GPOs). Google searches give results that seem to all point to non-cloud implementations with a local config manager for setting policies.

If you go into your policy under Services under Network Protection there is an option to add firewall rules.

In the same place there is also a Program Control section where you can add any discovered apps to be excluded.

Sadly, wildcards/variables are not supported.

Finally located it right after I posted. Turned off SONAR and Smart Firewall to see if the app would run, and it did.

The problem with trying to make an exception is that the app is a web-install off an in-house server, and the EXE gets put in each user's AppData\Local folder, so the path is not consistent. Or will the exception rule allow use of variables to do something like C:\Users\%username%\AppData\Local\....?

BrianRoden,

If you want to use variables in the exclusions field, please read this article and submit your feedback.

https://www-secure.symantec.com/connect/forums/sepcloud-partners-you-can-help-improve-product-use-feedback

The topic has been raised in the past, but it is time for Symantec to realize that their clients absolutely need that ability.

OK, so I have to turn the SEP firewalls off for this to work. But Windows Firewall still says it is being managed by EnpointProtection.cloud

How do I get Windows 7 firewall back on?

To review:

In the HostedEndPoint.spn page for the client, go to Policies tab, select the copy of the default you made.

Scroll down to the Network Protection section and check the box for "user can disable firewall"

Save the policy change and wait until the push shows 100%.

Wait a few minutes and logon to the client machine.

Right click the Sym.cloud icon in the System Tray, it should show the Disable firewall option.  (If not wait until it does.)

Click it and select the length of time you want it to be turned off.

Open the Windows Action Center - note that both firewalls should be off.

Click the View Options button and then select Turn on Windows Firewall.

Symantec will disable the Windows Firewall and reenable its version at the time specified.

Thanks, but that's not what I want. I can't add the application as an exception to the SEP firewall policy, because the install path is unique for each install/user (C:\users\%username%\Appdata\Local\...) and the exception rules don't allow variables.

I need to PERMANENTLY turn Win7 firewall back on, and keep SEP firewall from running at all. But still keep Symantec for AV.

I'm also pushing the developer to register their program with Symantec so it doesn't raise false positives.

This procedure would need to be performed on each affected desktop:

Open an elevated command prompt and issue the following series of commands:

cd \

cd program files\symantec.cloud\antivirus

avagent -SHOW_UI

Once the GUI is displayed, click on Settings, select Firewall, then turn off the Smart Firewall.

Click Apply to set this, then click Close, then close the GUI and the command prompt.

You will still need to go to the Windows Action Center to re-enable Windows Firewall.

Hope that helps.

I tried that, and if I change the Smart Firewall setting via the -SHOW_UI switch interface, but it is enabled in the policy at Symantec.cloud, it turns itself back on within a minute. If I turn it off via the policy at Symantec.cloud, then it shows it as already turned off when I execute the command line above and go to Settings, Firewall. Even after a couple of reboots after turning off Smart Firewall, Windows Firewall still says "this feature is being managed by Endpoint Protection.cloud"

We have Windows Firewall turned on for all desktops via group policy, and that policy was working prior to installing SEP Small Business cloud

You may have to wait for the new 22.5.2.24 release to hit your desktop.

To me "permanently" should mean exactly what it says.  If you're saying that it doesn't stay, then you have to open a ticket with support.