Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

"Choose a firewall option" prompt won't go away

Created: 17 Jul 2013 • Updated: 17 Jul 2013 | 9 comments

Running version 12.1.2015.2015 on Windows 7 64-bit.  After every reboot, the user is prompted to choose between Windows Firewall or SEP.  Firewall policy on SEPM is set to always disable Windows Firewall and disable the Windows Firewall Disabled message.  We've tried picking both options after the reboot, with no change.  Uninstalled/reinstalledd SEP with no change.

Anyone else have seen this problem?  I have over 600 SEP clients, most of which are Win 7 64-bit and this is the first machine I've seen this issue on.

Thanks in advance.

Operating Systems:

Comments 9 CommentsJump to latest comment

.Brian's picture

So this is happening to this only this machine?

I assume everything else about it is acting as expected? Reporting to SEPM?

I know there was a bug in earlier 12.1 versions but I don't think it is quite the same as what you're seeing:

Windows Firewall is not fully functional after the Symantec Endpoint Protection firewall is disabled or the policy is withdrawn

Fix ID: 2949824

Symptom: Even after you disable the Symantec Endpoint Protection firewall, or withdraw the firewall policy, the Windows Firewall is not fully functional.

Solution: Changed the default so that when you disable or withdraw the policy for the Symantec Endpoint Protection firewall, Symantec Endpoint Protection does not take over Windows Firewall.

Upgrading to RU3 fixes the above. Can you try running a repair on the client to see what the result is?

Perhaps uninstalling will correct this or if you can, test out RU3 on this client. RU2 SEPM can manage RU3 clients.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Jamie Kelahan's picture

Yes, only on this machine and everything else is acting as it should.  I'll try RU3 and see if that does anything.  That was going to be my next step anyway, but thought I would post here in case anybody else had see the same issue.

 

.Brian's picture

If you can quickly test RU3 that would be ideal.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture

Try these steps

  • Back up the WMI repository per this Microsoft article: http://technet.microsoft.com/en-us/library/cc731460.aspx
  • Reset the WMI repository with wmimgmt /resetrepository or do it manually:
    Stop the Windows Management Instrumentation Service and the dependencies.
    As an Administrator rename the folder Repository in C:\Windows\System32\Wbem\
    Start the Windows Management Instrumentation Service.
  • Reinstall or do a repair install of SEP and check the Security/Action Center.

 

AjinBabu's picture

HI, 

Test RU 3 and let us know the outcomes.

Regards

Ajin

Jamie Kelahan's picture

Sorry for the delay.  I've been out of the office for a few days and wasn't able to connect with the user that was having the problem.

RU 3 did not solve the issue.  I just ran the RU 3 update without uninstalling the previous version or anything.

I will try the WMI repository fix that Rafeeq has suggested above - most likely tomorrow - and will post the results.

 

Jamie Kelahan's picture

Tried the WMI repository fix that Rafeeq suggested, however it did not go necessarily to plan.  I backed up the repository, reset it manually by stopping WMI service and dependencies, renaming the C:\Windows\System32\Wbem\Repository folder and starting the WMI service.  After that, I attempted to do a repair of the SEP client, but if failed with a "critical failure" message.  Rebooted and tried to do the repair of SEP again with the same result.

So, I uninstalled SEP, rebooted and reinstalled.  I installed RU2, not RU3, mainly because I do not yet have a package for RU3 set up.  And the same problem still exists.  The "choose a firewall option" prompt continues to come up for the user.  It takes a while (up to 10 minutes after a reboot) for the prompt to appear, but it does come up.  Checking the Windows Firewall settings in Control Panel, it appears to be reporting as expected - Windows firewall is turned off and the message "These settings are being managed by vendor application SEP" is being shown at the top of the page.

It appears that everything is working as it should - Windows firewall is disabled, Symantec firewall is running, firewall rules appear to be applied and working as they should, etc. - but the user continues to get prompted after every reboot.  And again, this is the first time I have ever seen this problem with over 600 current clients.

Jamie Kelahan's picture

Well, I hate to admit this, but the problem was with the policy set on the user's group.  The setting for disabling the Windows Security Center was set to "Never" instead of "Always" as it should have been.  Due to some other requirements, this user is included in a small group that has their own policy instead of my default one that is shared throughout most of the rest of the company.  I never looked that closely at the policy, due to the fact that the user told me that nobody else in his group was having the same problem and it was only happening on his machine.

I guess that's what I get for trusting information given by a user... :)

Sorry for wasting anyone's time and again, thanks for all your responses.

.Brian's picture

No worries, thanks for checking back and posting an update!

Take care,
Brian

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.