Endpoint Protection

Hello,

I recently noticed that our Windows Firewall is stating that "These settings are being managed by vendor application Symantec Endpoint Protection." I'm curious as to why this is... I'm not deploying Network Threat Protection in the feature set.  I do NOT want the SEP firewall or SEP to controll the windows firewall as we do this with Group Policies.

Our SEP clien tis 11.0.6100.645 x64

Please advise.

Are you pushing the install through the Group Policy?

Check this Kb

Advanced Settings for Windows 7 Firewall indicate that it is on, even when Symantec Endpoint Protection (SEP) 11.0 Network Threat Protection (NTP) is installed.

http://www.symantec.com/business/support/index?page=content&id=TECH123729&locale=en_US

Prahand,

No I'm using the find unmanaged clients within the SEPM console.

Also I forgot to mention these are Windows Server 2008 R2 machines and I DO want the Windows Firewall only (which is controlled via our GPOs).

Thanks

Curtiplas

What are the components of SEP are being installed?

Pranchand the feature set looks like this:

On the cmd please do a quer for teefer   sc queryex teefer2 and tell the result

Prachand,

Should I ran this both on the client and on the SEPM console and I got the following on both:

On a side note what does is teefer2 (looks like a driver from another post I saw that controls Communication/commands from/to the SEPM console to a client machine, is that correct?)

I too have this problem on Windows 7, SEP client 11.0.6100.  I had heard this problem was resolved in MP1, but apparently it's not.  I DO have Network Threat Protections components installed, but only the IPS.  No firewall policy is published to the client groups.  Any help is greatly appreciated.

Any Additional suggestions?

Is there a way to NOT have SEP touch my Windows Firewall at all?

i think this is the default behaviour since the WIndows firewall is disabled by default after another 3rd party Firewall managing the Windows OS.

No Windows Firewall is not, has not, and never will be disabled on these servers... I do NOT want SEP doing anything with the Windows Firewall, nor do I want the SEP firewall running.  I'm looking for essentially AV protection only on my servers...

So again, I don't see why this message would be on my Windows Firewall for the server.

Well,

I'm opening a support ticket, I'll update the post with what they say.

Last attempt :) 

Go to a command prompt and run wbemtest
• Click the Connect button
• Replace root\default with root\securitycenter and click Connect
• You will be returned to the original screen, now click the Enum Classes button, leave the Superclass info box that appears as is (empty) and click OK
• On the Query Results screen, highlight AntivirusProduct and choose the Delete button.
• Close the Query windows and exit wbemtest
• Now either reinstall or repair Symantec endpoint Edition

Okay I think I might have in-advertently found my solution...

Apparently even though NTP isn't installed on the servers and there is no SEP firewall, the default Firewall policy was still applied to the groups in SEP and as such those rules were applying to the servers' Windows firewall.

I believe this is the cause of my issue once I disabled the default Firewall policy, the message disapeared.

Does that make sense?  I thought that the Firewall policy only applied to the SEP firewall...?

This is a defect that is currently being investigated. If you are experiencing this issue I would recommend calling in and opening a case, the defects are addressed by how many clients are experiencing it.

If you decide to open a case, you can refer to the internal doc: TECH140897

Thank you the I've disabled the policy and that does the trick for me, but it is unfortunate that it works like that.  Thank you.

I agree curtiplas.

Please do keep an eye on those machines, we have reports that even disabling the policy causes the Windows Firewall to lock out again.

Having the same problem after upgrading our SEP manager to MP1 today.  Not very good software behavior...especially since I have around 100 managed clients that this update was pushed to.  Please fix this ASAP Symantec!

I tried disabling the default firewall policy so I'll see if that works in the next few days.

Hi,

as I've written in http://www.symantec.com/connect/forums/sep-110-ru6-mp1-manager-creates-broken-installation-packages we have this same problem. This is big house, and we have not yet found out who can make the call to Symantec tech support. So, I'm just saying that we'd need to get this fixed even though can't make the support call at the moment.

Best,

Olli Rajala

You have to go to policies in the management console and go to view policies.  Select the firewall policy and withdraw the policy.  You can force the update or wait until the client gets the updated policy.