Differentiate between different SEP Client FW States
Ideally we want the SEPM to be able to differentiate between a client's SEP firewall being disabled by the FW policy being withdrawn (SEP Administrator does not want the client FW to be on), and the FW being disabled by the end user (SEP Admin wants the FW to be on, but end user has disabled it and has been given the power to do so).
This will allow more accurate reporting, and provide SEP Admins with a better idea of the security of their managed endpoints (especially if mutliple network zones exist with different FW requirements).
Currently in RU2, a client will report its FW is disabled (and contribute towards the thresholds in the Security Status on the SEPM) even if the FW is meant to be disabled in its current location.
Historically, prior to 12.1RU2, the FW component is reported as enabled even if the FW policy has been withdrawn and it is not doing anything, as per:
Finally, the description within the Security Status needs to be updated to correctly reflect that the Firewall is not necessarilly NTP. NTP should only really say it is disabled if both the FW and IPS components are disabled.