We are randomly (but frequently) seeing instances (from Wireshark trace information) where SEP Network Threat Protection is blocking valid traffic to the network during PC bootup. When this happens, the Windows XP devices are not getting their login scripts or group policy applied. Additionally, startup performance is negatively impacted.
We have worked with Microsoft Premier Support who recommends that we change the following:
The proposed change is:
If you look in your registry at this key:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SmcService]
And look specifically at entry:
"Group"="NDIS"
They want us to change the "Group" value from "NDIS" to "NetworkProvider".
Supposedly this will cause the firewall to start after network startup has been processed in the stack as opposed to before the network startup. We have tested this change and have seen consistently where the "Domain Controller not found" message goes away and startup performance is greatly improved (as well as login scripts and GPO processing occurring normally).
What information can you share about any risks of changing this value? For example, we are of the opinion that there may be some risk (but very little) in delaying the firewall startup for the short duration of about 5-8 seconds that is needed for the network stack to load.
Any thoughts, pros/cons, etc. would be appreciated.
Thanks.
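
Added example, not part of the original post: a small audit that reads `reg query` output for the SmcService key and for `HKLM\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder` (value `List`) and reports whether the firewall service's load group sits after the network driver groups. The sample text is constructed, and treating `NDIS`, `PNP_TDI` and `TDI` as "the network stack" is an assumption; the check compares group position only, not the service start type.

```python
import re

# Constructed samples of `reg query` output; not captured from a real host.
SAMPLE_ORDER = (
    "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\ServiceGroupOrder\n"
    "    List    REG_MULTI_SZ    System Bus Extender\\0NDIS Wrapper\\0NDIS"
    "\\0PNP_TDI\\0TDI\\0NetworkProvider\\0RemoteValidation\n"
)
SAMPLE_SVC_DEFAULT = (
    "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SmcService\n"
    "    Group    REG_SZ    NDIS\n"
)
SAMPLE_SVC_CHANGED = SAMPLE_SVC_DEFAULT.replace("REG_SZ    NDIS",
                                                "REG_SZ    NetworkProvider")

def reg_value(text, name):
    """Return the data column of value `name` from `reg query` output, or None."""
    pattern = r"^\s*%s\s+REG_\w+\s+(.*?)\s*$" % re.escape(name)
    m = re.search(pattern, text, re.M | re.I)
    return m.group(1) if m else None

def group_order(order_text):
    """Split the REG_MULTI_SZ 'List' value (entries separated by a literal \\0)."""
    data = reg_value(order_text, "List") or ""
    return [g for g in data.split("\\0") if g]

def audit(svc_text, order_text, stack_groups=("NDIS", "PNP_TDI", "TDI")):
    """Compare the service's load group with the (assumed) network stack groups."""
    order = [g.lower() for g in group_order(order_text)]
    group = reg_value(svc_text, "Group")
    # A missing or unlisted group is started after every listed group.
    if group and group.lower() in order:
        idx = order.index(group.lower())
    else:
        idx = len(order)
    first = [g for g in stack_groups
             if g.lower() in order and order.index(g.lower()) < idx]
    return {"group": group,
            "network_groups_loaded_first": first,
            "starts_after_network_groups": bool(first)}

if __name__ == "__main__":
    for label, svc in (("default", SAMPLE_SVC_DEFAULT),
                       ("changed", SAMPLE_SVC_CHANGED)):
        print(label, audit(svc, SAMPLE_ORDER))
```

Run against exported output from a fleet, a `True` in `starts_after_network_groups` flags machines where the firewall service is ordered behind the network drivers, which is the window the post asks about.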