In the Windows SBS 2008 Console (and the nightly email that is sent out from it) - it randomly shows computers that cannot be queried for their Antivirus / Antispam status. I say randomly, because sometimes it does show them up - and other times it does not.
I'm guessing this is a firewall issue - but here's what's strange. The Endpoint SBS edition does NOT turn on (or use) Symantec Firwall by default (which I have confirmed in the console). YET - when I go to a workstation and pull up it's windows firewall management console - it tells me "These settings are being managed by vendor application Symantec Endpoint Protection". The Windows Firewall "IS" turned on - but I can't use the basic settings (like turn it off). So I used, as an experiment, the ADVANCED settings and added an ALL IN and ALL OUT rule (basically opening ALL ports in and out of the workstation). The SBS console still reports that it can't communicate with the client to verify that it's protected.
We're running Endpoint Protection SBS (latest build and version). Any insight on how to correct this would be appreciated. So two questions to be answered - 1) How do we fix the Windows Server Console to correctly ALWAYS show the true protection status of a client and 2) Why can't we make changes to the Windows Firewall that appears to be configred by Symantec??
Thanks,
Shawn