Endpoint Protection

Hi,

Just installed the SEP 11 on Win2K SP 4, and was surprised to find out that there seems to be absolutely no way to configure a desktop firewall. Should there be one, or am I missing something completely?

I think, basically I'd like to see a means to configure "Network Threat Protection", however no such entry exists in the GUI (there are only "Antivirus and Antispyware Protection" and "Proactive Threat Protection" ).

After looking into the logs, there seems to have been an install-time failure, logged as; "Critical - Fail to install teefer driver". The installer silently ignored this failure (i.e. I never saw a message about anything going wrong).

Any insight to this greatly appreciated ...

 are you using win 2k server ??

if this is a server os then you should not been able to enable this feature as this is not supported in any server os as per my knowledge.

NTP is firewall concept of Symantec

Here is some information you can use for NTP:

Symantec Endpoint Protection 11.0 protects endpoint computing devices from viruses, threats, and risks, and provides three layers of protection to your endpoint computing devices. The layers are network threat protection, proactive threat protection, and antivirus and antispyware protection. Network threat protection blocks threats from accessing your computer by using rules and signatures. Proactive threat protection identifies and mitigates the threats based on the threats’ behavior. Antivirus and antispyware threat protection identifies and mitigates the threats that attempt to or have gained access to your computers by using the Symantec signatures. The Symantec Endpoint Protection client firewall provides a barrier between the computer and the outside network. The client firewall prevents unauthorized users from accessing the computers and the networks that connect to the Internet, detects possible hacker attacks, protects personal information, and eliminates unwanted sources of network traffic. The firewall also protects against network threats and malware that attempt to proliferate in your network, such as bots. All the information that enters or leaves the client computer must pass through the client firewall, which examines the information packets. The client firewall blocks packets that do not meet the specified security criteria.

Firewall Policies
Firewall policies consist of one or more rules that work together to allow or block users from accessing the network. Firewall policies include the following elements:

* Firewall Rules
* Stateful Inspection
* Rule Priority Number
* Control Type
* Default Firewall Rules
* Smart Traffic Filtering
* NetBIOS and Token Rings
* Stealth Settings


You can refer to the document below:

Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/d29b17f62f36c49f882573b400333bd4?OpenDocument

Network Threat Protection does not appear in the user interface after installing Symantec Endpoint Protection

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/ff925de181a20be6492574090047bc99?OpenDocument



And its always advised to install only Antivirus& Antispyware on Server Operating Systems. As Proactive Threat Protection is not supported on a Server OS [ even if its installed, it will always be disabled] .

Hope this helps.

Aniket Amdekar

did you reboot after you installed?  The firewall component wont be active (and you wont see it in the GUI) until after a reboot

Paul, thank you for that suggestion.  It fixed my problem and I'm glad I found your post. =)

sorry to tag along to this thread, but it's sort of relevant. Why is it that Proactive Threat Protection and Network Threat Protection are NOT installed for server OS's?

Here's my guess, servers normally have to run some services and use ports that might accidentally be blocked by the firewall that comes with Network Threat Protection.

Hi,

to be precise:
the Proactive Threat Protection is not compatible with server OS's because it is designed to monitor client applications;
Network Threat Protection IS supported for server OS's as well but most of administrators doesn't reccomend it because it adds another administrative load to set it up properly in order to don't stop the services provided by the server and because a server is often protected by a hardware firewall.

Okay, interesting. You'd think something critical like servers would need some form of proactive threat protection. This was a big negative point in the eyes of my boss. But we still bought anyway :)