You'll have to uninstall Network Threat Protection (can be done via Control Panel > Programs & Features).

You might be using Older Version of SEP 11.0.6000.xx or Older as this issue was fixed in RU6MP1 (11.0.6100.xx) so migrating the clients to newer version should fix this issue.

Windows Firewall is always disabled by SMC service
Fix ID: 1992008
Symptom: The Windows Firewall is disabled even though a policy is in place that dictates it to be enabled.
Solution: If Symantec Endpoint Protection Firewall is disabled in a location, the Windows Firewall will be turned on. If Symantec Endpoint Protection Firewall is enabled in a location, the Windows Firewall will be turned off.

http://www.symantec.com/business/support/index?page=content&id=TECH103087&locale=en_US

This issue may not be yet resolved completely. The workaround for now would be:

1. Remove the Network Threat Protection feature from SEP client

      Got to add/remove programs (Programs and features) - Select SEP and click on change, modify and remove the NTP component. Reboot the computer

2. After removing NTP, go to Start . Run and type in services.msc. restart the Windows Firewall/Internet Connection Sharing(ICS) Service.

Hello,

Did you check the Symantec Article?

Just few steps to resolve your Issue.

Windows 7 Firewall indicate that "These Settings are being managed by vendor application Symantec Endpoint Protection", even when Symantec Endpoint Protection (SEP) 11.0 Network Threat Protection (NTP) is not installed.

https://www-secure.symantec.com/connect/articles/w...

I am sure that's what you are looking for.

Hi,

After enabling windows firewall you might have to create port exceptions in windows firewall for SEP .

It is possible that after enabling windows firewall it will block SEP client and SEPM communication port.