SEP 12.1 Firewall is Malfunctioning (Firewall driver is not loaded)

Created: 09 Jul 2011 • Updated: 09 Jul 2011 | 17 comments

I am using the RTM version (version 12.1.671.4971) of SEP 12.1. This is an XP 32-bit machine. I am having the same issue as described in this discussion:

https://www-secure.symantec.com/connect/forums/sep-12x-betafirewall-malfunctioning#comment-5792141

Basically SEP says "Firewall is Malfunctioning", and when you point the mouse cursor to the SEP systray icon, it says "Firewall driver is not loaded".  I have done the following:

1. Uninstall completely and reinstall

2. Try the fix from the above discussion link.  Basically disabled Windows Firewall and did a repair of SEP

It will work fine (I get a green check mark, indicating no issue).  However, the problem comes back as soon as the PC got rebooted.

Any suggestions?

Thanks.

Rafeeq's picture

this used to work with SEP 11.0

follow the same procedure and let us know if this works.

open command prompt

navigate to the SEP folder

symcorpUI.exe /unregserver

symcorpUI.exe /Regserver

R Chan's picture

Tried it, still the same problem.  I also tried to do smc -stop first then the two commands.

Rafeeq's picture

do you see anything in the event viewer?

from add/remove programs

select sep; select modify; remove NTP; reboot; install NTP ; reboot; 

from the device driver page; check if you can install the driver manually

J.Bonner's picture

Try uninstalling the SEP client with the CleanWipe utility. Then reboot and install a clean copy again.

Jon

Paul Murgatroyd's picture

R Chan,

If you open a command prompt and type "sc query teefer2" what do you get in return?

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

R Chan's picture

Rafeeq, followed your procedure, still the same after reboot. Regarding the Device Driver, what exactly are you referring to? I looked at Device Manager; nothing is listed as wrong or missing a driver there. BTW, if I do a repair of SEP 12.1, the firewall problem will temporarily go away, until I reboot.

J.Bonner, I've already tried using CleanWipe, I also emptied any Symantec related directories on my C:\ drive, as well as deleting the remaining entries from the registry.

Paul, here's what I got: [SC] EnumQueryServicesStatus:OpenService FAILED 1060:

Thanks everyone.

Charles83's picture

I have the same exact problem on the same machine type as OP.  Any idea on how to fix this yet?

Deepak M's picture

Same problem here. Luckily we have only implemented 12.1 on a handful of machines to test for scenarios such as this.

netgamero's picture

I have the same problem, and it's not an isolated one. This version 12.1 is a failure. It's very hard to uninstall; even with CleanWipe, the files remain and you cannot delete them as an admin user. After uninstalling 12.1, you have to reinstall the network card in the happiest cases, or reinstall Windows. On the x64 platform you have no chance of having SEP 12.1 working. I am very disappointed. I didn't expect this situation, and Symantec support does not recognize the problems and treats us like stupid people.

PaulCNZ's picture

Had the same problem on XP; the solution was simply to remove HKLM\system\currentcontrolset\network "config" and reboot... As always, remember to back up the registry, and use at your own risk. Seems to be an error with the teefer driver; deletion and a reboot to redetect seems to have solved it.

jay2001's picture

Have a Windows 7 Professional 64-bit machine and none of the above suggestions work here. I don't even have that key string in my registry. PaulCNZ, any more help here would be greatly appreciated.

PaulCNZ's picture

Haven't encountered the problem on 64-bit W7, but here are some tech notes that apply to 32-bit W7; I assume the process is the same.

Remove the Teefer driver

  1. Click Start > Search, type cmd, and press Ctrl+Shift+Enter to start a command prompt with Administrator privileges.
  2. Type pnputil -e to list the Symantec drivers in the driver store.
  3. Type pnputil -f -d oem<n>.inf to remove Symantec drivers from driver store, where <n> is a number corresponding to one of the Symantec drivers listed in the previous step.
  4. Type exit to close the command prompt.
  5. In the Windows registry editor, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}.
  6. Delete any keys that have a value of ComponentId that is set to symc_teefer2mp.
  7. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}.
  8. Delete any sub keys that have a name containing SYMC_TEEFER2MP.
  9. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{cac88424-7515-4c03-82e6-71a87abac361}.
  10. Delete any sub keys that have a name containing SYMC_TEEFER2MP.
  11. Close the Windows Registry Editor.
  12. In the Device Manager (devmgmt.msc), go to Network Adapters, and delete all entries with "teefer" in them.
  13. Delete any network adapters to which teefer was attached.
    This causes the adapters to be reinstalled. This step must be done in order for there to be network connectivity after you restart the computer.
  14. Restart the computer into normal mode.
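
A read-only way to see which of the leftovers named in the steps above are present before deleting anything. This is an added example, not part of the original post or Symantec's tech note; the variable names are illustrative, and it assumes PowerShell 3.0 or later and English `pnputil -e` output in which the provider line contains "Symantec".

```powershell
# Added example: read-only audit of the Teefer leftovers named in the steps above.
# It deletes nothing. Run from an elevated PowerShell prompt on the affected client.
$control  = 'HKLM:\SYSTEM\CurrentControlSet\Control'
$findings = @()

# The thread's "sc query teefer2" check. In PowerShell "sc" is an alias for
# Set-Content, so sc.exe is called explicitly; a non-zero exit code means the
# query failed, as in the "FAILED 1060" output quoted earlier in the thread.
sc.exe query teefer2 | Out-Null
$findings += [pscustomobject]@{ Check = 'teefer2 service'; Item = "sc.exe exit code $LASTEXITCODE" }

# Step 2: Symantec packages in the driver store. pnputil -e prints one block per
# package, separated by blank lines; the appended '' flushes the last block.
$block = @()
foreach ($line in @(pnputil.exe -e) + '') {
    if ($line.Trim()) { $block += $line; continue }
    $text = $block -join "`n"
    if ($text -match 'Symantec' -and $text -match 'oem\d+\.inf') {
        $findings += [pscustomobject]@{ Check = 'Driver store'; Item = $Matches[0] }
    }
    $block = @()
}

# Steps 5-6: network-class subkeys whose ComponentId value is symc_teefer2mp.
Get-ChildItem "$control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}" -ErrorAction SilentlyContinue |
    Where-Object { (Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue).ComponentId -eq 'symc_teefer2mp' } |
    ForEach-Object { $findings += [pscustomobject]@{ Check = 'Class ComponentId'; Item = $_.Name } }

# Steps 7-10: DeviceClasses subkeys whose name contains SYMC_TEEFER2MP.
$guids = '{ad498944-762f-11d0-8dcb-00c04fc3358c}', '{cac88424-7515-4c03-82e6-71a87abac361}'
foreach ($guid in $guids) {
    Get-ChildItem "$control\DeviceClasses\$guid" -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like '*SYMC_TEEFER2MP*' } |
        ForEach-Object { $findings += [pscustomobject]@{ Check = 'DeviceClasses subkey'; Item = $_.Name } }
}

# One row per leftover found, plus the service query result.
$findings | Format-Table -AutoSize -Wrap
```

Running it again after the cleanup and reboot shows whether any of the listed entries were recreated.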

jay2001's picture

Probably not recommended, but uninstalling old SEP 11.x and installing SEP 12.1 seems to cause the problem. I have 3 other machines, all Win7 64-bit, and installing over the existing 11.x installation without uninstalling it first seems to keep things working for some reason..... I experimented, and after 3 attempts at installing SEP 12.1 fresh on my PC I still had the Firewall issue. Then I installed old 11.x like was on the other 3 (just because I was lazy.... :)), then installed 12.1, and guess what........ no problems. So a possible solution: don't uninstall 11.x, just start the installation over the old one, and if it is a new unmanaged client (because I could see what a pain it would be to install 11.x just to get 12.1 to work properly), install old 11.x first, then 12.1 ...... bad way to do things, but it worked.......

ThangTT's picture

I happened to solve my FW issue on a WinXP 32-bit client by:

in the SEP client GUI, click on the Help button, Troubleshooting, click on Debug Logs, click on "Edit Debug Logs Settings" to turn it On

smc -stop

smc -start

then turn Debug Logs off

smc -stop

smc -start

larrymac's picture

Hi ThangTT

I have the same problem on one PC. All others are fine.

I cannot stop/start smc as it is greyed out in services. Any ideas?

Thanks

Mgamerz's picture

I found this problem on one of our XP laptops in my office. I went to the Symantec install folder (this might differ for you slightly):

C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\TeeferXP

(Or vista if you are on Vista/7 instead of XP)

I found two .inf files there, and I right-clicked each one and chose Install, and then it worked fine. However, I no longer see these .inf files on some of the other machines.

You might want to find that folder and keep a backup so you can pass it around your office to install.