Endpoint Protection

 View Only

  • 1.  Check FW status

    Posted Jun 19, 2013 05:08 AM

    Hello,

    we use SEP 12.1.2 and need to check if the firewall is enable or not, through a script or command line. Excepted doing wget or other flow check, is there a way to do that ?

    I didn't find option for the smc -ntp...

    And last one  : can you confirm me that disabling the FW does'nt stop the component but only set all rules to any/any ?

    Thanks in advance,

     

    Regards



  • 2.  RE: Check FW status

    Broadcom Employee
    Posted Jun 19, 2013 05:31 AM

    check for running of teefer driver, if its active for not.

    by disabling policy the traffic is allow all.



  • 3.  RE: Check FW status
    Best Answer

    Posted Jun 19, 2013 05:33 AM

    You can check via registry

    . To check if Network Threat Protection is installed and is Turned ON.

    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC

    smc_engine_status  0 – means turned OFF 1- turned ON.

    . To check if Network Threat Protection is installed and is Turned ON.

    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC

    smc_engine_status  0 – means turned OFF 1- turned ON.

    https://www-secure.symantec.com/connect/articles/symantec-endpoint-protection-few-registry-tweaks



  • 4.  RE: Check FW status

    Posted Jun 19, 2013 10:27 AM

    Hi,

     

    thanks for your answers. Seems that solution is the second one (regkey) when i just disable the firewall through the client (GUI). Teefer2 hidden service still started even if stopped. That surely confirms that disabling the FW let the service running.

    Regards



  • 5.  RE: Check FW status

    Posted Jun 19, 2013 10:31 AM

    One last question : Network Thread Protection = FW & IPS.

    Does that mean that if no IPS, reg key is set to 0 ?



  • 6.  RE: Check FW status

    Posted Jun 19, 2013 10:47 AM

    Answer : IPS does not impact this regkey ! Great!