Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

How to NOT install 'Symantec NAC Transparent Mode' EAP method with Endpoint Protection?

Created: 21 Sep 2012 | 9 comments

Hi,

Is there way to configure the Symantec Endpoint Protection Manager so that the installed clients would not have the 'Syamntec NAC Transparent Mode' EAP method installed in them?

This EAP method seems to be causing some Windows EAPHost API issues with an in house tool we are using when running on Windows 7 64 bit systems.

Thanks,

-Rajesh.

Comments 9 CommentsJump to latest comment

.Brian's picture

Just don't assign the SNAC policy. You can install SNAC on the SEPM but as long as you don't assign a policy to a group of clients, SNAC will not be activated.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

W007's picture

Hi,

Once You have Assgin SNAC policy.you can't be remove for specify group and client

Check Symantec Employee Comments.

Vikram Kumar-SAV to SEP Symantec Employee Accredited
 

Once you have added SNAC license on SEPM console all the client will have SNAC component enable and it cannot be removed from specific group or client.
SNAC is al rule base so with no policy it is as good as disabled.

Looking at the above error messages you are getting definitely there will be a solution/workaround available with Support.

Check this thread

https://www-secure.symantec.com/connect/forums/remove-snac-single-ou

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

.Brian's picture

Are you seeing something in the logs that SNAC may be causing an issue?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

rajeshkumarg's picture

Brian,

I enabled the debug logs in the SEP client as per http://www.symantec.com/business/support/index?page=content&id=TECH102412 but could not find anything useful in the logs.

The problem is like - after the SEP client is installed (which installs the Symantec NAC Transparent Mode EAP method) the Windows EAPHost API calls to the following APIs start failing

EapHostPeerConfigXml2Blob -

http://msdn.microsoft.com/en-us/library/windows/desktop/aa363552(v=vs.85).aspx

WlanSetProfileEapXmlUserData -

http://msdn.microsoft.com/en-us/library/windows/desktop/ms706802(v=vs.85).aspx

The same calls succeed without requiring any changes if the SEP client is uninstalled. Please note that the problem occurs only with Windows 7 64 bit systems and NOT with 32 bit systems.

There is a similar problem reported by someone sometime back

http://social.msdn.microsoft.com/Forums/uk/vistawirelesssdk/thread/fb888d4a-4f07-4d69-b18a-3061c28ddfd8

Is this a known issue? would there be a fix in any newer releases?

Meanwhile I will try to disable SNAC as per your suggestion and see if the problem goes away with that.

Thanks,

-Rajesh.

Ashish-Sharma's picture

hi,

If you want to remove check this artical.

Removing SNAC from a client

http://www.symantec.com/business/support/index?page=content&id=TECH144458

 How to remove the Symantec Network Access Control (SNAC) module from both Symantec Endpoint Protection (SEP) Manager and Client

http://www.symantec.com/business/support/index?page=content&id=HOWTO44392

How to manually uninstall Symantec Network Access Control client 12.1 from Windows Vista, Windows 7, and Windows 2008 32 and 64 bit Operating Systems

http://www.symantec.com/business/support/index?page=content&id=HOWTO55826

Thanks In Advance

Ashish Sharma

rajeshkumarg's picture

Even with a plain installation of SEPM, without the SNAC module or license, the clients do get the "Symantec NAC Transparent Mode" EAP method and the API issues persist.

Is there any option in SEPM that I can make use of so that the client installs will not install this EAP method?

Thanks,

-Rajesh.

Ashish-Sharma's picture

HI,

You create Group and not assgin SNAC policy ,but first you can remove policy where SNAC policy are applied.

Removing SNAC from a client

http://www.symantec.com/business/support/index?page=content&id=TECH144458

Thanks In Advance

Ashish Sharma

W007's picture

Hi,

Do you have received answer ?

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.