Endpoint Protection

Hello everyone,

I have been bashing my head against this probelm for a while now. Is there any way to remotely push the SEP client to computers running Windows XP sp3 with the Firewall enabled? I have opened the File and Printer Sharing in Group Policy and tried to open the ports that are mentioned in the article "http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/3e95d7f0ebf56f6088257393005bd82b?OpenDocument"

I have pushed the client install to a computer with the firewall turned off and it did work. The problem I have is that people are located in multiple locations and often not directly conneted to the internal network. At this point we are planning on continueing to use Widnows Firewall after the upgrade to SEP.

If I can I would prefer to keep the firewall running while I upgrade people to SEP.

Thanks for any help and suggestions you may have.

Bernard

Why use the Windows firewall? SEPs is FAR superior and much more configurable - and you can make it location aware.
Do this if on our network, do that if not on our network, for example.
Windows own firewall is a stop-gap at best - something to use until something better is installed.
Are the install files getting to the computer to begin with? It should copy files into the C:\temp folder by default then launch setup.
I've seen cases where the files were being blocked, and cases where they made it, but the launch of the install wasn't happening. Different issues with different causes.

Is it that, even after

Allowing the File and Printer Sharing in Group Policy for Firewall, > you getting the same Error: "No Network Provider accepted given the network path" ?

Did you try a telnet to the file and print sharing ports ones mentioned in the Article (http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007111408431148)

TCP - 139
TCP - 445
UDP - 137
UDP - 138


Thanks :)

Hi,

did you already read the CD1\documentation\installation_guide.pdf?
There is a whole chapter dedicated to the preparation of the clients for the SEP deployment, including the Windows firewall (it is not compulsory disabling it).

Regards,

On the same client but I agree it is wise of you to not disable the XP SP3 firewall before SEP is installed.

File and Print sharing has to be allowed like you done already but I think you also need a combination of the ports in this link to really pull it off.

I could not find any exact information to you need but if you have time to test here is where to start.

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/edda0cd89141a6788025734e004b6a02?OpenDocument

You can use this tool to help you with the remote push installation troubleshooting

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/6a3cfd5b634b529a88257530005c9e42?OpenDocument

The install files do not make it to the client.  When I try pushing the install files I get "No network provider accepted the given network path."

As to windows firewall vs SEP firewall, we may switch at some point in the future but for now we are not planning on moving.

Bernard

Well I did finaly get it working. It was an interesting issue that I am not sure how I caused or what caused it.

For some reason I was not able to connect to the administrative shares on my test computers because a registry key was missing. I added the key hklm\System\CurrentControlSet\Services\LanmanServer\Parameters > IRPStackSize DWORD  0x00000010. Once this was there everything worked perfectly.

Thank you for the suggestions that you all gave. Knowing that it was possible to install the client while the windows firewall was running helped me figure this out.

Bernard