
Windows Firewall and SEP both report they're turned off

Created: 04 Apr 2011 • Updated: 10 May 2011 | 15 comments
This issue has been solved. See solution.

We've recently installed Symantec Endpoint Protection Small Business Edition (12.0.1001.95) with a variety of server and notebook clients.

All seems to be working well, but today my notebook (running Windows 7) has flagged up a problem in the Action Center, saying 'Windows Firewall and Symantec Endpoint Protection both report that they are turned off'. Clicking on the 'View firewall options' button allows me to turn on either the Windows Firewall or Symantec Endpoint Protection, but neither option seems to do anything. Nothing has been changed on the server or my notebook.

The firewall policy is as default, where it's not actually enabled. I've found the article http://www.symantec.com/connect/articles/windows-7... which describes precisely the problem I have, but applies to SEP 11.0. The workaround provided isn't applicable to SEP SBE 12.0. The article says that this is just a quirk when the client is running Windows 7 and that the Windows Firewall is actually turned on. Is this still the case with 12.0?

Is there a way to avoid having Windows telling me I have no firewall enabled?

 

Thanks.


Thomas K's picture

Since SEP 12 is based off a previous version of SEP 11, I believe the behavior is going to be the same. The workaround will not apply to SEP 12 due to the fact that some of the features have been removed to simplify the product.

I will continue looking for more information on this, and get back to you.

 

Thomas


Neil S's picture

The 'Windows Firewall and Symantec Endpoint Protection both report that they are turned off' message isn't showing today; it's reporting the Symantec Endpoint Protection as being on but the Windows Firewall as off. As the firewall policy isn't enabled I'm not sure whether that means I have a firewall on my machine or not.

Thanks, Neil.

Mithun Sanghavi's picture

Hello,

To check whether Network Threat Protection (the Symantec firewall) is turned on or off:

Simply open Symantec Endpoint Protection 12 and, on the Status page, you will see "Network Threat Protection" shown with a green check, and it says 'ON'.

In case you have disabled the Symantec Firewall policy from Symantec Protection Center, it means that the Network Threat Protection on the SEP client's machine is not enabled or disabled (even if the feature is installed).

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Neil S's picture

The Network Threat Protection is on, but the policy for the firewall defined in Symantec Protection Center is not enabled - the default setting.

Mithun Sanghavi's picture

Hello,

Open Symantec Endpoint Protection 12 and, on the Status page, you will see "Network Threat Protection" shown with a green check; does it say 'ON'?

If it says 'ON', Network Threat Protection (Firewall) is ON and enabled.

 

Mithun Sanghavi

Neil S's picture

Yes, the status is shown as On, but how does that tally with the firewall policy not being enabled in the Protection Center? That suggests to me that the Symantec firewall has been enabled on the client at the expense of the Windows firewall, but no firewall rules have been set up and therefore the client is potentially vulnerable (although being behind a NAT router I'm not overly concerned).

To be honest, when I added the first few clients through the Protection Center I didn't install the Network Threat Protection application, as all our notebooks have Windows 7 installed and have been using the built-in firewall. I later included the Network Threat Protection module as the 'Endpoint Status' chart in Protection Center showed all clients as disabled without it, thus masking whether or not the anti-virus software on the client machines was up to date.

 

Thanks.

Mithun Sanghavi's picture

Hello,

Check this...

 

SEP 12 and firewall policies
http://www.symantec.com/business/support/index?page=content&id=TECH123002

How the Firewall policy applies to your groups in SEP 12
http://www.symantec.com/business/support/index?page=content&id=TECH123003

Hope that helps.

Mithun Sanghavi

Neil S's picture

I'll look into enabling the policy for our notebooks, but I'm still not sure if the built-in Windows firewall is actually turned on or not. Looking at the 'Windows Firewall with Advanced Security' window (as mentioned in the link in my original post) it claims that it is, so I'm a bit reluctant to now configure another firewall and end up with 2 firewalls running.

 

Thanks.

Mithun Sanghavi's picture

Hello,

It is always recommended to have only 1 software firewall on the machine.

It is best practice that only one software firewall should be run on a computer. Two firewalls that run on one computer at the same time can drain resources, and the firewalls might have rules that conflict with each other. Enabling more than one firewall program is likely to result in conflicts and poor performance.

Check this:

About Windows Firewall and Symantec Endpoint Protection's NTP
http://www.symantec.com/business/support/index?page=content&id=TECH97986

Mithun Sanghavi

Neil S's picture

Yes, I only want to have one firewall enabled, but I'm trying to determine which firewall that is.

I'm in the situation outlined in this document - https://www-secure.symantec.com/connect/articles/w... - where the Symantec firewall is installed but the policy is not enabled, and yet it appears to have turned off the built-in Windows firewall. However, according to this article, the Windows firewall is still enabled, but that applies to SEP 11 rather than SEP 12 and the workaround given isn't applicable.

What I would like is to just have the Windows firewall enabled, and be sure that it is enabled. I know I could remove the Network Threat Protection module, but if I do that then Symantec Protection Center just shows all the clients as disabled rather than showing whether their anti-virus software is up to date or not, which makes it rather pointless.

Thanks.

Mithun Sanghavi's picture

Hello,

This document is for the Symantec Endpoint Protection 11 and not for your Symantec Endpoint Protection SBE 12.

Did you say, "Removing the Network Threat Protection module from the SEP, then Symantec Protection Center just shows all the clients as disabled rather than showing whether their anti-virus software is up to date or not."?

That seems to be a bug in the software and Symantec is already working on it. Check the Symantec knowledge base article below:

Client Endpoint Protection Status is "disabled" on the home page in the Symantec Protection Center when firewall is not installed
http://www.symantec.com/business/support/index?page=content&id=TECH123000

Hope that works for you.

Mithun Sanghavi

Neil S's picture

I notice that article is showing as being created on 4th Jan 2010! If that's the case, is there ever likely to be a fix?

And is there no equivalent workaround for the firewall status in version 12 as there is in version 11? I'd really like to know which (if any) firewall I have running.

w-d's picture

This issue was noticed in 2 SEP 12.0.x releases (12.0.122.192 and 12.0.1001.95). The last was released in November 2009 (see https://www-secure.symantec.com/connect/articles/w...) - the next release would be 12.1, codename "Amber", which is planned to be released in a few months (summer this year).

Mithun Sanghavi's picture

 

Hello Neil,

I understand. However, as of now all I know is that Symantec engineers are working on the same to get this issue fixed.

To answer your question:

I would say that if you have not installed Symantec Network Threat Protection, you can enable the Windows Firewall.

If you have installed the Symantec Network Threat Protection feature, you can have Windows Firewall disabled and be fully protected by the Symantec firewall.

The issue stated above is just limited to the home screen and nothing more.

It does not mean Symantec is disabled.

You are fully protected by Symantec.

Mithun Sanghavi

SOLUTION
Neil S's picture

Ok, I'll just enable the policy for the Symantec firewall and leave it at that.

Thanks.
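
One way to check the question this thread keeps returning to (which firewall Windows itself considers active), as an added example that is not part of any post and is not Symantec's code. It assumes a PowerShell prompt on the Windows client and uses the Windows Firewall COM interfaces `HNetCfg.FwPolicy2` and `HNetCfg.FwProducts` plus the `root\SecurityCenter2` WMI namespace; it does not query the SEP client itself.

```powershell
# Added example (not from the thread). Read-only; run in PowerShell on the client.

# 1. Windows Firewall on/off per profile (documented INetFwPolicy2 COM interface).
$policy   = New-Object -ComObject HNetCfg.FwPolicy2
$active   = $policy.CurrentProfileTypes                      # bitmask of profiles in use
$profiles = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }   # NET_FW_PROFILE_TYPE2 values

$profiles.Keys | Sort-Object | ForEach-Object {
    New-Object PSObject -Property @{
        Profile           = $profiles[$_]
        InUse             = [bool]($active -band $_)
        WindowsFirewallOn = $policy.FirewallEnabled($_)
    }
} | Select-Object Profile, InUse, WindowsFirewallOn | Format-Table -AutoSize

# 2. Third-party firewalls registered with Windows Firewall (INetFwProducts).
#    A registered product declares which rule categories it takes ownership of.
$products = New-Object -ComObject HNetCfg.FwProducts
"Registered third-party firewall products: $($products.Count)"
foreach ($p in $products) {
    New-Object PSObject -Property @{
        Name           = $p.DisplayName
        RuleCategories = ($p.RuleCategories -join ',')   # 0=Boot 1=Stealth 2=Firewall 3=ConSec
        SignedExe      = $p.PathToSignedProductExe
    } | Select-Object Name, RuleCategories, SignedExe
}

# 3. Firewall products registered with Windows Security Center (client Windows only).
#    productState is printed raw in hex; its bit layout is not decoded here.
Get-WmiObject -Namespace 'root\SecurityCenter2' -Class FirewallProduct -ErrorAction SilentlyContinue |
    Select-Object displayName, pathToSignedProductExe,
        @{ Name = 'productStateHex'; Expression = { '0x{0:X6}' -f $_.productState } }
```

Running it before and after changing the firewall policy in Protection Center shows which of the three views actually changes on the client.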