Endpoint Protection

I'm  trying to run Win7’s Firewall managed via GPO while also running SEP with Intrusion Prevention enabled.   I found a knowledge base article that says it can be done; just remove the SEP Firewall policy from the console group, which makes it run in pass-through mode and allows the Windows Firewall to be active.  <http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2009120816110248> 
 
Another article says if set a GPO for the Windows Firewall, that'll take over, but I already have that in place and even removing the SEP Firewall policy, it’s still a problem (in 32 or 64bit Win7/SEP, 11MR5 and 1MR6a).   When a Win7 computer boots up and SEP starts, the Windows Firewall will function if it’s service is re-started.  Having to restart the service every time is too clunky though.    I may get into using SEP's firewall later but for now I want to use the Windows one.  Has anyone solved this issue?

No ideas?

Create a firewall policy that allows all traffic thru

For x64 version of Windows, SEP firewall will not function, so do not install.  There are certain portions of x64 implementation within NTP that still neeed to be addressed by Symantec.

When installing SEP (unmanaged) there is a propt that asks if you want to disable the Window Firewall.  I believe this is what you are seeing.

You say, the Windows Firewall works if you restart the service.  Does this mean the service is running and you need to restart it or is it not running at all and requires you to "enable" it?  Is the service set to "Automatic"?

If I remember correctly this issue was fixed in RU6MP1. I had the same problem here and it did not occur anymore after upgrading to MP1. I did not test on Windows 7 X64 however.

https://www-secure.symantec.com/connect/forums/windows-7-firewall-sep-ips

Windows Firewall is always disabled by SMC service
Fix ID: 1992008
Symptom: The Windows Firewall is disabled even though a policy is in place that dictates it to be enabled.
Solution: If Symantec Endpoint Protection Firewall is disabled in a location, the Windows Firewall will be turned on. If Symantec Endpoint Protection Firewall is enabled in a location, the Windows Firewall will be turned off.

http://service1.symantec.com/SUPPORT/ent-security....

Firewall does work on 64-bit

Symantec Endpoint Protection 11.0 compatibility with 64-bit platform

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/16c37e1b65da45938825728b00666d36?OpenDocument

"For x64 version of Windows, SEP firewall will not function, so do not install.  There are certain portions of x64 implementation within NTP that still neeed to be addressed by Symantec."

As Brian said, this is an incorrect Statement.

"For x64 version of Windows, SEP firewall will not function, so do not install".  May , as you say be incorrect.  But was once true.

"There are certain portions of x64 implementation within NTP that still neeed to be addressed by Symantec."

Q: Why doesn't Device Control work on Windows Vista 64-bit?
A: Device Control will not work on a client running the 64-bit version of Windows Vista 64-bit. Windows Vista's Patch Guard prevents this action . The Device Control feature does not currently exist on any 64-bit platforms.

Device control as I understand it, is part of NTP.


I apologize for tossing the Firewall component in the mix. 

* I OFTEN forget, Firewall is not part of the NTP component *

I had same issue and RU6MP1 fixed it