I think I'm having the same problem, but there hasn't been much followup by @constantm so maybe I can hijack the thread
Just recently installed Symantic Protection Suite which includes Endpoint Protection Small Business Edition 12.1.4100.4126
I installed the Management product and deployed the full package endpoint to my 2003 server. No firewall previously existed. If I recall, I lost my Remote Desktop capability, so rather then try and figure out the exception rule, I just went into the Policies tab and edited the policy so "Enable This Firewall Policy" was unchecked. So now the firewall status in the Manager says "Disable by Policy" which makes sense.
Then I deployed the same package to a Windows XP machine with XP firewall already on and added it to the same group. Oddly it says "Enabled" for the firewall status. I assumed this meant it was reporting the Windows XP firewall active, but since then I'm guessing this column is reporting for the Symantec firewall only?
Since then I have been getting a combination of "Disabled by Policy" and "Enabled" on XP and Windows 7 machines in any group I add a machine, with no common denominator. It seems the Windows Firewall is still running on all machines which is what I want for now, but the reporting is not right.
So as a newbie, can someone please explain to me the difference in disabling the policy and withdrawing the policy (and the steps), as people have referrred to these actions.
Marty