Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Disabled (Network Threat Protection is off) on all clients

Created: 05 May 2010 | 21 comments

I am currently deploying SEP 12 SBE throughout my company. However, I am having an issue.

We do not want any firewall on the machines, as we manage that elsewhere, so I built a package to deploy through AD with Network Threat Protection unchecked (so only Virus and Spyware protection is checked). I also went into the policies in SPM and turned off firewall and intrusion protection.

The issue is that, on the console, under Endpoint Status, all my machines are coming up as disabled, and each has Disabled (Network Threat Protection is off) as the error.

It is not impacting the software's performance, but I want them to show as up-to-date, as I know that is not installed. If I ignore it, I may miss a machine that actually has the virus protection disabled.

Any ideas?

Thanks!

Comments 21 CommentsJump to latest comment

Thomas K's picture

From the Home page under Preferences, uncheck the box shown below. This will prevent the Endpoint Status from reporting the NTP as off.

Kahlif's picture

Thank you for replying.  Attached is a screenshot of what I am talking about.  The above solution did not resolve it.

Vikram Kumar-SAV to SEP's picture

When you deploy clients from AD..it installs all the features and since you have disabled from policy in SPC so it is showing OFF.

Remove the clients and deploy using migration n deployment wizard or find unmanaged clients.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Kahlif's picture

What?

I built the package using the Custom Installation button on Client Installation Wizard.  Then, I used a Group Policy to install the msi.

Are you telling me that, even though I unchecked NTP on the first screen, it still installs????????

Kahlif's picture

Also, if I am going to do a remote push installation, why do I have to input login credentials to each machine?

Do you want me to have it type my admin account 130 times?

Vikram Kumar-SAV to SEP's picture

You only have to put admin credentials for the machine you push for that Domain rest will get added automatically.

When you create a package with specific features it creates a setaid.ini file which contains the information about which features need to be installed.

However third party deployment softwares Group Policy Deployment, Altiris, SCM etc they cannot read setaid.ini file and installs all the features.

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Kahlif's picture

OK...

So, I deployed a handful of machines using the remote push install.  It went perfect.

However, it is still showing up as disabled.  I need to identify those that do not have NTP installed and those that have it so I can go around and uninstall it.  Plus, those that do not have it install should not show as disabled...

Thanks!

nfcadmin's picture

I am having this exact same problem.  All clients were installed via Remote Push, and on the main page of the SEP Console, every single one of them has a Protection Status of:

"Disabled (Network Threat Protection is off)"

Like Kahlif, my policies are set to NOT install Network Thread Protection - the clients don't need it.  Their "Virus and Spyware Protection" and "Proactive Threat Protection" are all working normally.  It's like the SEP console doesn't think a client is truly protected unless all 3 of the components are installed.

Kahlif's picture

Any ideas?  Support was talking about having a custom query to filter these out, but I want the console to show right.

Is there no way to make the manager forget about NTP?  My reports are coming up looking bad as they are not all marked OK based on our network configuration...

Thanks!

Dennis Hill's picture

I have the same problem with all 11 of my clients showing Endpoint Protection "Disabled" since installing SEP 12 MR1. All clients where pushed using the Direct Push option in the Client Installation Wizard with the Network Threat Protection box unchecked.

I found this thread though a Google search so I know it must be a popular problem. If there is a solution to this problem, please post.
Thanks.

Chris Pilipczuk's picture

Just spent over 2 hours with symantec. Once transfered to senior technical support i have been provided with this link

http://service1.symantec.com/SUPPORT/ent-security....

I guess we have to wait for symantec to resolve this issue.

Hope it helps

Cheers

Nimesh Vakharia's picture

Guys - the fix for this is to do a typical deployment. In a typical deployment Network Threat Protection (FW & IPS) & AV is installed but by default, the Firewall is disabled and IPS is enabled. Firewall is disabled through the policy settings.

You could use other firewall on the endpoint or on the network for protection. I would strongly recommend that you have IPS enabled on the endpoint.  Your endpoint is not well protected if you disable IPS.

Hope that helps. You should disable IPS only if you have a very strong reason to do so. IPS provides protection against a lot of newer types of attacks targeting web browsers, drive by downloads, malvertisements and other vulnerabilities on the endpoint.

Nimesh Vakaria
Sr. Product Manager (SEP)

AvinashBharatharaj's picture

This is as per design of SPC. If all the features of the client are not installed, it considers the client as disabeld. This issue has be taken as an enhancement request, to have an option to show only AutoProtect here, but there is no ETA on this.

swade's picture

I have several Windows XP SP3 OS machines (they are HP DC7700's) which have known problems when the network protection is installed; regardless of if the policy is enabled or not.

The only solution is to remove it and have reports from the management server indicate problems are on the network as described by so many others above.

Please escalate the fix as the workaround is not viable in some environments.

Thanks kindly.

ScreamingPotato's picture

It's been 6 months, any progress on this? I see the article linked to, twice, has not been updated so it seems that no solution has been implemented. I have to purchase 60 licenses before my trial period expires and having a fix to this particular issue would help me make the case to purchase SEP as opposed to some of the other options out there. I don't want management looking at reports with 60 "disabled" clients.

Thomas K's picture

No updates because the product has not seen a new release in a while now. Expect to see a new version of SEP 12 SBE this summer.

ScreamingPotato's picture

Thanks for the info. Can you say whether the fix for this will be included in the next update or is that unknown?

Thomas K's picture

Let me do some searching and I will get back to you tomorrow.

Best,

Thomas

w-d's picture

This issue is fixed in the next release - 12.1.

As Cycletech wrote above, this version will be published this summer (there is still no official date of the release)