Endpoint Protection

Hello everyone,

I am using Symantec Endpoint Protection Manager 12.1.2 and I am currently having an issue. As shown in this screen shot, I have a few clients that are showing the Early Launch Anti-Malware driver status as Disabled. This is causing my home page to show as something is wrong. The thing is, I disabled the Early Launch Anti-Malware in the policy that effects this group. It should show disabled by policy. The other strange thing is, I am not sure how this would have been installed, because these are not Windows 8 machines. These machines are either XP, Server 2000 (ugh, I know...), or Server 2003.

How do I get these to show as disabled by policy, or uninstall the driver from these clients?

Thanks

I'm wondering if this is a bug. If you check that option on the client, what does it show? Should be under Virus and Spyware Protection >> Configure Settings >> ELAM tab

Well, two of the clients are running the older version of Symantec 11 so they don't even have this installed, yet it is still showing disabled. 

The other clients have it unchecked and greyed out. 

Thanks for your quick response.

Interesting. All my clients show as "Not Installed"

There is no way to create a package without this to my knowledge. If it detects Windows 8 than it will install it. Otherwise it won't.

Looks to be a bug, perhaps a suport call is needed.

Thanks for your quick response. It must be a bug, since my 90 other clients are normal.

Support can confirm. Or if you can live with it...

Definitely a bug - the driver must be installed to be disabled and this won't happen on OS older than windows 8 - contact support for them to check.

Hmm bug?... won't be pretty on the reporting/gui

but other than that won't affect anything

Hello,

The highlighted client (provided in the Screenshot) is that from XP, Server 2000 or Server 2003?

What about the other unhighlighted clients are those either from XP, Server 2000 or Server 2003 machines as well.???

If it is Windows 8 / 2012, then I believe the Early Launch Anti-Malware Settings were disabled from the client machine and that is why we see as "Disabled"

If you have disabled from SEPM, then try disabling and then locking the policy.

Early Launch Anti-Malware Settings are supported on computers that run Microsoft Windows 8 or Later.

I checked this by Disabling the Policy on the SEPM and that affected the Windows 8 and 2012 and I receive the Status as "Disabled by Policy" on the SEPM.

However, In your case, since all the clients are either XP, Server 2000 or Server 2003, this driver would not get installed at all. So, if you are disabling the Early Launch Anti-Malware Settings, these does not get effect on SEP client as this policy either way.

Thanks for your reply. 

We currently have 0 Windows 8/ Server 2012 machines. All of the machines in the screenshot that show disabled are XP, 2000, 2003. The ones that show not installed are either 2003 or 2008 (R2).

Has to be a bug. Call support to confirm.

can you check this thread

https://www-secure.symantec.com/connect/forums/firewall-status-disabled-or-disabled-policy-strange-behaviour

Cent sure.... a bug.. please log a call with Support to confirm and let us know if that helped.