Endpoint Protection

 View Only

  • 1.  SEP NTP without policy taking over Windows firewall ploicy

    Posted May 25, 2012 07:16 PM

    We run SEP V11 in our organization and just upgraded to RU6 installing the NTP code with it and have not deployed any SEP firewall policy. We also have Windows firewall enabled with default policies through GPO's. SEP NTP policies are taking over the Windows firewall and leaving our endpoints exposed. Is there any way to disable NTP component permanently and leverage the Windows firewall policy as the protection. This would be needed until we develop and deploy SEP firewall policies at which point we can disable the Windows firewall. The solutions that I have found are only able to disable the NTP temporarily and it restarts on a reboot of the endpoint.

    Thanks

    VIneet



  • 2.  RE: SEP NTP without policy taking over Windows firewall ploicy

    Broadcom Employee
    Posted May 25, 2012 10:05 PM

    uncheck the policy or allow all traffic ( only one rule).



  • 3.  RE: SEP NTP without policy taking over Windows firewall ploicy

    Posted May 26, 2012 07:09 AM

     

    You may need to double check if the Firewall Policy is diabled from SEPM console and upon confirming, you may also need to disable the Firewall from the SEP client GUI.

    Hope that helps...

     

    Elango M.



  • 4.  RE: SEP NTP without policy taking over Windows firewall ploicy

    Posted May 28, 2012 05:54 AM

    I agree with Pete. If it does not match your need, you may uninstall SEP NTP module remotely for now, then reinstall it remotely when you will be ready to use this feature (http://www.symantec.com/docs/TECH90936).

     



  • 5.  RE: SEP NTP without policy taking over Windows firewall ploicy

    Trusted Advisor
    Posted May 28, 2012 06:12 AM

    Hello,

    In your case, since you are Installing the NTP Feature, the SEP managed client would take the default SEP Firewall Policies.

    Here are the steps to work on - 

    1) Uninstall the Network Threat Protection Feature from the SEP client machines.

    It could be achieved by Auto-Upgrade Feature with new custom client packages (without NTP feature)

    http://www.symantec.com/docs/TECH102817

     
    2) Withdraw the NTP policies.
     
     
    Also, check these Articles below:

    About Windows Firewall and Symantec Endpoint Protection's NTP

    Best Practices for Installing Symantec Endpoint Protection on Windows Servers

    Windows 7 Firewall indicate that "These Settings are being managed by vendor application Symantec Endpoint Protection", even when Symantec Endpoint Protection (SEP) 11.0 Network Threat Protection (NTP) is not installed.

     
     
    Hoep that helps!!!


  • 6.  RE: SEP NTP without policy taking over Windows firewall ploicy

    Posted May 29, 2012 12:26 PM

    Guys thanks for all the responses. What we are looking for is the following.

    - We just rolled out SEP NTP to 9000 clients and do not want to unistall it.

    - We have not rolled out any SEP NTP policies at all and want to use the Windows firewall policies for the time being.

    - We just want to disable the NTP firewall without uninstalling it and let Windows firewall do its job. This will be necessary while we forumlate and test the SEP NTP policies and roll them out.

     

    Is there any way of achieving the above. In our research we have not been able to find any way of disabling NTP for a long time. IT can be disbled temporarily by changing the registry entry for NTP and it reverts back as soon as endpoint is restarted. Any suggestions or solutions to make this happen are welcome.

    Thanks

    Vineet



  • 7.  RE: SEP NTP without policy taking over Windows firewall ploicy

    Trusted Advisor
    Posted May 30, 2012 06:56 AM

    Hello,

    I believe you could try Withdrawing the Firewall Policies off the groups /sub-groups in the SEPM.

    If you delete a policy, Symantec Endpoint Protection removes the policy from the database. If you do not want to delete a policy, but you no longer want to use it, you can withdraw the policy instead.

    You can withdraw any type of policy except a Virus and Spyware Protection policy and a LiveUpdate Settings policy.

    See Withdrawing a policy.

     

    Hope that helps!!

     



  • 8.  RE: SEP NTP without policy taking over Windows firewall ploicy

    Posted Jun 02, 2012 08:11 PM

    I know what you are saying.  I also have NTP installed but no policy is configured or assigned to any groups. This puts the warning in Windows 7 control panel that SEP is managing, which is confusing to users and other IT admins, but in my testing we found that the warning is false.  Just do a port scan of the endpoint with nmap and you will see all the ports are closed except for the ones your GPO has opened, confirming the Windows firewall is in use and actively blocking inbound ports.  In fact if you want to open a port locally on the endpoint (assuming your persmissions and GPO allow for this) just click the Windows Firewall with Advanced Settings link at the top left.  (I think Server 2008 has a direct link to this advanced settings screen in the Control Panel.)  This is the tool with the Inbound section with all the IPv4 and IPv6 ports listed out.  We can still modify settings with advanced settings and still centrally manage them with GPO even though NTP is installed and gives the warning about SEP managing it.  I would rather the Windows Firewall or SEP be smarter so the warning would only appear if a firewall policy was actually applied and in use on the client, but it just appears to show up anytime NTP is installed.  Hope this helps.