lol.... the Support acutally informed us that it's new enhancement in SEP since RU6 MP1?
He explained that starting from this version any SEP without NTP component will have Windows Firewall turned ON automatically...
Refer fix id below:
Windows Firewall is always disabled by SMC service
Fix ID:1992008
Symptom:The Windows Firewall is disabled even though a policy is in place that dictates it to be enabled.
Solution:If Symantec Endpoint Protection Firewall is disabled in a location, the Windows Firewall will be turned on. If Symantec Endpoint Protection Firewall is enabled in a location, the Windows Firewall will be turned off.
http://www.symantec.com/business/support/index?page=content&id=TECH103087