Video Screencast Help

Firewall in Symantec Endpoint Protection

Created: 21 Jan 2013 | 26 comments

I have a couple of issues with the Symantec Endpoint, I have exported a Install package from the Symantec Endpoint Manager... And i added a Client Install Feauture Set, I unticked the Network Threat Protection See:

And i deployed the msi with the Group Policy to a bunch of Computers, but it seems as that the Nework Threat Protection installed anyway... See below... And when i get to the control panel (Action Center) i see that Symantec is running as the firewall.. but i want to use the Windows Firewall and not the symantec? What am i doing wrong?

Comments 26 CommentsJump to latest comment

Mithun Sanghavi's picture

Hello,

Once the installation is completed, please restart the machine and check again.

Secondly for Enabling Windows Firewall, check these settings in SEPM firewall policy.

1.Login to SEPM.

2. Click on Policies.

2.Click on Firewall. Highlight the policy in the right pane. Click on Edit the policy.

3. In Windows Integration tab, choose "Do Nothing" in Disable Windows Firewall.

Secondly, check these Articles:

Windows firewall is disabled after migration to a 12.1 RU2 client without NTP firewall feature

http://www.symantec.com/docs/TECH200415

How to disable windows firewall in Windows server 2008 R2 64 bit by setting in SEPM

http://www.symantec.com/docs/TECH183375

Using (Enabling) Windows Firewall with SEP NTP installed

http://www.symantec.com/docs/TECH197660

Hope that helps!!

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

shaniie's picture

Already done these steps, its still not working

Thanks

Shane

Mithun Sanghavi's picture

Hello,

Could you please create a New package (without NTP) in .msi package (by unchecking the "Create a single .exe file for this package), check this Article:

http://www.symantec.com/docs/TECH165483

Once done, please check the setaid.ini to confirm if the NTP is getting installed in the package. Check this Article - 

http://www.symantec.com/docs/TECH102668

Hope that helps!!

 

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

ᗺrian's picture

The other thing to note is if the firewall piece is not installed it should be in use.

In the firewall policy on the Windows Integration tab, for Disable Windows Firewall set it to No Action

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SebastianZ's picture

HI, what is the version of SEPM and the version of the package that you deployed?

If the package was created without NTP feature - after installation this feature should no appear at all - can you try recreating the install package again - before that please create a new Client Install Feature Set (again without Firewall) just to exlude policy corruption - maybe there was some problem here.

shaniie's picture

I recreated the the installation package once again with the NTP, and the Application device disabled.It looks like it still something wrong, the NTP still gets installed.. There is something weird going on here.. :smiley Its getting on my nerves :)

Mithun Sanghavi's picture

Hello,

Could you please create a New package (without NTP) in .msi package (by unchecking the "Create a single .exe file for this package), check this Article:

http://www.symantec.com/docs/TECH165483

Once done, please check the setaid.ini to confirm if the NTP is not getting installed in the package. Check this Article - 

http://www.symantec.com/docs/TECH102668

Hope that helps!!

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

shaniie's picture

I did do a .msi package but it still doesn't work.!

Here is the setaid.ini from the .msi package.. as we can see here the NTP is disabled?

; NOTE: Do not edit the config below
[PREDEFINED_SMC_CONFIG]
AppType=105
VendorID=4096
PlatformType=WIN64BIT
PackageChecksum=2ad33d83ea714bfa8593bfd4f540b2b9

; User configureable options
[CUSTOM_SMC_CONFIG]
InstallNewInstanceOnly=0
InstallUserInterfaceLevel=s
KeepPreviousSetting=1
InstallationLogDir=%TEMP%\SEP_INST.LOG
DestinationDirectory=
LaunchIt=1
AddProgramIntoStartMenu=0

OptOutRepSubmission=1
UIRebootMode=0
RebootSchedule=NOW
AutoReboot=true
RebootRandomize=true
RebootPromptMessage=The Symantec Endpoint Protection installation requires this computer to restart.
SnoozeInterval=60
RebootDisplayTimeout=60
RebootMethod=SERVER
RebootMinutes=180
Countdown=5
RebootDay=TODAY
RebootRandomizeHours=2
PromptType=COUNTDOWN
RebootMaxSnoozeCount=3
RebootPromptUser=true
HardReboot=true
[LU_CONFIG]
ServerProduct=SESM AntiVirus Client Win64
ServerLanguage=English
ServerVersion=12.1.1000
SequenceNumber=0
ServerMoniker={43EEFBAE-0AB4-F6D4-0039-BF120CC562DF}
ClientProduct=SESC AntiVirus Client Win64
ClientLanguage=English
ClientVersion=12.1.1000
ClientMoniker={D410C452-0AB4-F6D4-0039-BF12E41A5E54}
SequenceTag=PATCH
ShortName=spcAvClient64en_12_1
DisplayName=Symantec Endpoint Protection Win64 12.1.1000.157 (English)
CONNECT_LU_SERVER=0

[FEATURE_SELECTION]
Core=1
SAVMain=1
Download=1
OutlookSnapin=1
NotesSnapin=0
Pop3Smtp=1
PTPMain=1
TruScan=1
DCMain=0
NTPMain=0
Firewall=0
ITPMain=0
 

/Shane

ᗺrian's picture

What version of 12.1 is this happening on?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

shaniie's picture

SEPM 12.1.1000.157 RU1

The version of the packed i deployed is 12.1000.157

Alright i am gonna try and create a new Client Install Feature, and install the Symantec again..

Thanks

Shane

ᗺrian's picture

It's possible, you would need to check though to confirm.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ashish-Sharma's picture

HI,

Check the client group where sep client are showing.

Client Group -> Install Package...

any client package available

How to add or remove features to existing Symantec Endpoint Protection (SEP) client installations

http://www.symantec.com/business/support/index?page=content&id=TECH90936

Thanks In Advance

Ashish Sharma

shaniie's picture

All the the deployed clients goes into the OF group, and in this group, i have withdrwan the firewall and intrusion prevention.. 

SebastianZ's picture

The  policy assigned to the client group should not matter - even if FW policy is assigned here but the component is not installed on client it would not apply and certainly it would not force the client to install the feature.

SebastianZ's picture

Are these target computers clean installs or did they have already some older SEP version installed previously?

If there was, please have a check if in the client install setting the opiton: "Maintain existing client features when upgrading" is unchecked.

Have a look here:

http://www.symantec.com/docs/TECH90936

TORB's picture

Application Control will show up under Network Threat Protection.
This is as designed.You can also see this by going to "add remove programs" and clicking modify,

Regards

Torb

SameerU's picture

Hi

What is the version you are installing ?

Regards

shaniie's picture

The version of the packed i deployed is 12.1000.157..

So I have tried all kind of workaround, still dont get it to work.. The only thng that work is when i install the symantec endpoint client, i have to on the control panel/add remove programs and modifie the installation..To not have the NTP installed..?? How do i not get the NTP installed from the beginning from the deployed MSI.. I tought the setaid config file, helped with this?

/Shane

SebastianZ's picture

shaniie - have you tried already to recreate the "Client Install Feature" policy - we discussed that before but I don't se eyour update on that. Can you confirm?

Can you check one more thing - for a test deploy a install package with a feature set from "Basic Protection for Servers" - this should have only the AV installed - does after deployment the Firewall gets installed here as well?

shaniie's picture

hey Sebastian,,

I did recreate the Client Install Feature, but it still does not work :(

And i did the Basic Protection for servers, same thing here..The firewall gets installed anyway

/Shane

SebastianZ's picture

Are you deploying those package by Push Deployment - if yes can you manually copy the package to the target machine and execute - does the firewall component get installed as well?

I was thinking here about the posibility that the package you are sending out from SEPM is not the same as a package that arrives at target machine - some cached version of older package or so... but not sure if this is possible.

shaniie's picture

No no Push Deployment, i tried that tooo but still doesn't work..

And I am using Group Policy Sep64.msi to push the install out to clients,, same thing here the firewall gets installed dont matter how much i try with teh basic server install feature..

And i try manually to install the client but all features get installed anywayss. the only thing i can do to disable the firewall is to do i maanually from  the add remove programs/modify...

I tried restarting the SEPM service on the server, and then exporting a new package, but same o same?

I dont want to manually go and modify all the sep clients on all computers, to disable the NTP...

Any more help will be really appreciated..

/Shane

Mithun Sanghavi's picture

Hello,

I agree with the above comments.

In addition to above, could you also try installing an Unmanaged client setup from the SEP 12.1 DVD??

Symantec_Endpoint_Protection_12.1_Full_EN\SEP\Setup.exe

This unmanaged client can be later turned to managed by simply replacing the sylink.xml file.

http://www.symantec.com/docs/TECH157585

Hope that helps!!

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.