Video Screencast Help

Command line to uninstall the Firewall component - SEP 12

Created: 29 Oct 2012 • Updated: 29 Oct 2012 | 7 comments
ThaveshinP's picture
This issue has been solved. See solution.

What is the command line to modify and remove the firewall component/feature on  a SEP 12 client?

Comments 7 CommentsJump to latest comment

Chetan Savade's picture


I am aware how to disable it through command prompt need to check more to know about uninstall.

To disable SEP client firewall service

smc -disable –ntp

To enable client firewall service

smc -enable -ntp

If the SEP client UI is password protected:

smc -disable -ntp -p <password>

I hope it's been informative.

How to uninstall Symantec Endpoint Protection (SEP) client silently using the command line

Check this article for more reference.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

ThaveshinP's picture

I want to keep NTP - IPS , but just want to remove the firewall feature as the customer ses the Windows firewall. If I disable the symantec firewall from the client GUI - it shows up as an error and I dont want to SEP client to display an error -I have 35000 machines that I need to do this on. The install package had the SEP firewall enabled - that was a mistake - I need to remove the firewall component ONLY from NTP but keep IPS still active.

Mithun Sanghavi's picture


Why not uninstall the Firewall Feature by deploying a new package via Auto-upgrade Feature from SEPM.

Check this Article:

How to add or remove features to existing Symantec Endpoint Protection (SEP) client installations

Note: A Restart may be required for uninstalling NTP Firewall.

However, in reference to the MSI command line to the SEP 12.1, its in the documentation as mentioned by Paul here

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

pete_4u2002's picture

SEP 12 have the feature to work IPS without NTP. hence you can disable.

ThaveshinP's picture

What is the network impact of using the autoupgrade ?

1) Clients have same version- just feature removed

2) Clients have older version - upgrade of client

pete_4u2002's picture

the package sent to client is the impact.

ofcourse the module removal will lessen the security..

ThaveshinP's picture

I was thinking more along the lines of - does it send the entire package as a whole to the machine to be upgraded or does it break it up into smaller data packets and then putting it altogether to upgrade.