Endpoint Protection

 View Only

  • 1.  Withdraw or disable a policy un sepm

    Posted Jul 04, 2013 01:07 PM

    Hi I would like to know what happen exactly when we make a withdraw of the firewall policy for a particylar group? Is it the same thing if you disable de firewall for the client? Thank you



  • 2.  RE: Withdraw or disable a policy un sepm

    Posted Jul 04, 2013 01:11 PM

    Basically, yes. Traffic will be allowed the pass without being inspected. It is in passthru mode, essentially.

    http://www.symantec.com/docs/TECH162868



  • 3.  RE: Withdraw or disable a policy un sepm

    Posted Jul 04, 2013 01:31 PM

    All incoming or ongoing traffic on the machine will by allowed if you disable/withdraw the policy - just one thing to note - even then the firewall driver will still be active and running on the machine, as it is partially used by IPS.



  • 4.  RE: Withdraw or disable a policy un sepm

    Posted Jul 04, 2013 02:09 PM

    Withdraw policy is useful if you want to use IPS but not the firewall. 

    Uncheck will take out both of them.



  • 5.  RE: Withdraw or disable a policy un sepm

    Broadcom Employee
    Posted Jul 04, 2013 02:11 PM

    Hi,

    Thank you for posting in Symantec community.

    I would be glad to answer your query.

    Check this article: Using policies to manage your network security

    http://www.symantec.com/docs/HOWTO26867

    Withdraw a policy

    If you do not want to delete a policy, but you no longer want to use it, you can withdraw it.

    You can withdraw any policy except an Antivirus and Antispyware Policy and a LiveUpdate Settings Policy.

    See Withdrawing a policy.

    Withdrawing a policy

    http://www.symantec.com/docs/HOWTO26858



  • 6.  RE: Withdraw or disable a policy un sepm



  • 7.  RE: Withdraw or disable a policy un sepm

    Trusted Advisor
    Posted Jul 05, 2013 06:31 AM

    Hello,

    Disabling or withdrawing a managed SEP client's Firewall policy does not disable the NTP firewall driver. It will affect the SEP client's NTP component differently depending on whether the client is in Server control mode, or Client/Mixed control mode.

    • Clients in Server control mode will place their NTP firewalls into passthrough mode. Network traffic will still pass through the NTP firewall driver and will only be evaluated against the Active Response block list.
    • Clients in Client or Mixed control mode will continue to use their client-side NTP policy.

    Network Threat Protection drivers (teefer.sys) need to be uninstalled to disable the NTP (Firewall) feature.

    So, in case you want to Permanently Disable Network Threat Protection (firewall) Feature from the client machines from SEPM, then the only way is to uninstall the Feature.

    Symantec Endpoint Protection: How to remove Network Threat Protection and Email Tools through the Symantec Endpoint Protection Manager.

    http://www.symantec.com/docs/TECH103055

    Check these Articles:

    How to disable Client Network Threat protection from the Symantec Endpoint Protection Manager

    http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/083a3388bd9f7477ca2573910004866c?OpenDocument

    Check this Thread :

    https://www-secure.symantec.com/connect/forums/disable-symantec-endpoint-network-threat-protection

    Hope that helps!!