Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Windows 7 Firewall and SEP Firewall

Created: 15 Feb 2014 | 17 comments

Dear Forum,

I installed SEPM 12.1 and created client packages with default setting. I changed nothing in default settings except I prevented users from changing Settings on clients, set a Client Password and disabled "Disable Firewall" on Client Computers. I didn't change anything regarding firewall setting, didn't disable Windows 7 firewall on clients.

Now I recognized that Firewallrules I set with SEPM where not applied to client computers. After some hours of working I discovered that the Windows 7 Firewall is still active. As I modified the Windows 7 Firewall connecting to the Client was possible.

On Windows XP I had no problems - just modified a SEPM Firewall Rule and Connecting to the client was possible.

Why is Windows 7 Firewall still active although I Installed SEPM?

thanks and kind regards

terra

Operating Systems:

Comments 17 CommentsJump to latest comment

.Brian's picture

What's the exact client verson?

So you want the windows firewall disabled?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

terra2554's picture

Which Version - I think it is 12.1.2015.2015.

I thought if I install SEP then Windows Firewall will be disabled automatically. When I open Firewall.cpl/mmc->Firewallsnapin than there apears a message that SEP takes control over firewallsetting...

.Brian's picture

I believe this was a bug in this version, can you upgrade to 12.1.4?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

terra2554's picture

So, whats the bug here exactly - which firewall works? Do they both work?

.Brian's picture

Does this describe it?

Installing any Symantec Endpoint Protection package without the firewall disables Windows Firewall
Fix ID: 3063585
Symptom:  After installing Symantec Endpoint Protection with a configuration that installs only Virus and Spyware or Proactive Threat Protection, the application still disables the Windows Firewall.
Solution: Updated the installer conditions to properly recognize previously stored Windows Firewall states and the install or removal of Symantec Endpoint Protection firewall components.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

terra2554's picture

As I said, I installed the default package. I don't know if there is the firewallcomponent included. But the Windows 7 firewall is still active...

.Brian's picture

You need to check that. You can either do it from the SEPM by going to the Clients page and and checking from here or go to the client and go to add/remove programs and check to see if the firewall component is installed. Usually, if you only installed AV, the windows firewall should remain active. If you installed NTP than the windows fw will be disabled.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

terra2554's picture

Where can I verify exactly wheater firewall feature is installed in SEPM?

.Brian's picture

Login and go to the Clients page.

Set the View to Protection Technology for that group the client is in

There is a tab for Firewall Status, it will either say Enabled or Disabled

You can check for all your clients here

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

terra2554's picture

Could it be that SEP Firewall is enabled AND Windows 7 Firewall is enabled too?

.Brian's picture

It's possible which is why I was curious as to whether or not the SEP fw was even installed. If it is, check the firewall policy >> Windows Integration tab, this is where you can control windows fw settings and how SEP handles them.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

terra2554's picture

Hallo again,

SEPM says that Firewall is enabled. But as I said: I modyfied Windows FW and then I could connect...

regards

terra

terra2554's picture

As I said, I installed the default package. I don't know if there is the firewallcomponent included. But the Windows 7 firewall is still active...

James007's picture

See both articles and blog

https://www-secure.symantec.com/connect/blogs/how-enable-windows-firewall-setting-windows-7-machine-sepm-1212

Using (Enabling) Windows Firewall with Symantec Endpoint Protection Network Threat Protection installed

Article:TECH197660  |  Created: 2012-10-01  |  Updated: 2013-12-20  |  Article URL http://www.symantec.com/docs/TECH197660
terra2554's picture

SEPM says "Disable Windows Firewall" - "disable once only"

.Brian's picture

Set it to "Disable Always"

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Rafeeq's picture

disable only once will disable fw during the sep install, after system is rebooted the firewall will be enabled.

set the option to never it will not disable the windows firewall.

always wil disable it everytime