Endpoint Protection Small Business Edition

hi,

i have been struggling to get SEP small business edition to disable the native windows firewall on my windows 7 machines. the windows firewall continues to show as on, which is apparently fine, however it appears to be actively blocking connections.

as soon as i stop the windows firewall service (net stop MpsSvc) or run 'netsh advfirewall set currentprofile state off', WMI (RPC) traffic starts flowing again.

other SEP rules, like the one i have set up to allow remote desktop or filesharing, work fine.

this is not a problem with my custom rules: the WMI traffic is also blocked when i run the 'low security' (allow all incoming/outgoing) firewall default. only when i manually disable the win7 firewall does it start flowing again.

wmic/wbem will work when run on the local machines, even when the network traffic is being blocked.

i have tried many things, including resetting/removing a couple gpo's that added custom windows firewall rules (rdp and smb), removing and reinstalling SEP, and repairing SEP.

WHY will it not disable the windows firewall? i've had a support request open for a while but it's going nowhere fast.

my only workaround is to have a GPO set to disable the windows firewall for Windows 7 machines.

thanks,

-matt

Hello,

Your Guess is as good as mine.

As per the symptoms you have narrated above, the issue seems to be somewhere either with the GPO or the Windows 7 OS.

Was the Support Request created at Symantec Technical Support or with Microsoft?

This does not seem to be related to Symantec. I would advise to open a Support Ticket with Microsoft OR

go ahead with the workaround as you suggested.

hi,

this happens even with the GPO disabled. so it is not the GPO.

the support request is with symantec.

and i do believe it is related to symantec, because it is not completely disabling the windows firewall. with SBE there is no 'windows integration' option in the firewall policy, nor is there an option during deployment.

what should the state of the native windows firewall be (from netsh,or otherwise) after SEP 'disables' it? if i knew where to look, and what to compare the output to, i could then discern exactly where the issue is.

these are brand new dell systems with fresh windows 7 pro 64 bit installs. the issue is probably not with windows as you suggested.

thanks,

-matt

See the screenshot below. 

In the SEPM in the policies of the Firewall, the one you are setting to the clients.

* * * * *

- Open Admin Console

- Policies

- Firewall policies

- "Windows Integration on the left"

* * * * *

You can set these options as you like.

I have a screen capture set as to the way you will probably want them...

GPO is just a a set of rules the system applies to different registry keys.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

Setting the data in this parameter to 0 will disable firewall on the machine. To enable firewall you need to set the registry value to 1.

* * * * * * *

With the GPO set, what value is the registry key getting?

Have you run an RSOP on the system to make sure that:

1 - the GPO is applying properly

2 - the GPO is not being iverwritten by a different policy being forced?

* * * * * * * *

Regardless, check the above registry key used to enable or disable the firewall.

this issue persists, no resolution from symantec support yet.

-matt