Endpoint Protection


Windows Defender Firewall - SEP 14.0.1 (14 RU1) (Build 3752)

  • 1.  Windows Defender Firewall - SEP 14.0.1 (14 RU1) (Build 3752)

    Posted Nov 06, 2017 07:37 AM

    On the previous version of Windows 10 (1703) the Windows Firewall was controlled by Symantec, and this was shown in the Windows Firewall with the text "these settings are being managed by vendor application symantec endpoint protection" (see picture 1).

    After the update to Win 10 Fall Creators (1709) the Windows Firewall was renamed to "Windows Defender Firewall", and after the upgrade to SEP 14.0.1 (14 RU1) (Build 3752) this text is no longer there (see picture 2).

    Now I'm quite sure the windows firewall and SEP firewall are working next to each other.

    Is this normal?

    Is it due to SEP 14.0.1 or due to the Win 10 update?

     

     

    Picture 1 (win 10 SEP 14 MP2)

    Picture 2 (Win 10 SEP 14 RU1)

        



  • 2.  RE: Windows Defender Firewall - SEP 14.0.1 (14 RU1) (Build 3752)

    Posted Nov 06, 2017 07:46 AM

    Is this client in the same group that the policy was applied to with MP2? This can be set within the firewall policy. If so, Symantec and/or Microsoft would need to verify. Probably need to engage Symantec first, since that will be less painful. Seems like something changed within SEP though.



  • 3.  RE: Windows Defender Firewall - SEP 14.0.1 (14 RU1) (Build 3752)

    Posted Nov 09, 2017 04:17 AM

    Opened a case with Symantec to have a look at this issue.



  • 4.  RE: Windows Defender Firewall - SEP 14.0.1 (14 RU1) (Build 3752)

    Posted Nov 09, 2017 07:03 PM

    You are correct. Prior to Windows 10 1709, SEP would properly disable the Windows Firewall in favor of its own. As it stands now, both firewalls are running. There is a Symantec article about this in which they don't yet know why it's doing this, but they will update the article as they research it. https://support.symantec.com/en_US/article.TECH237177.html

    This is unfortunate, because on an endpoint if you ever needed to uninstall SEP, the Windows Firewall would turn back on.  If you explicitly disable the Windows Firewall and SEP is uninstalled for whatever reason, the endpoint will be without a firewall.



  • 5.  RE: Windows Defender Firewall - SEP 14.0.1 (14 RU1) (Build 3752)

    Posted Nov 09, 2017 08:06 PM

    You are correct, this is not expected behavior. Prior to Windows 10 1709, Symantec Endpoint Protection would gracefully disable the Windows Firewall in favor of its own. In addition, if SEP was ever uninstalled from an endpoint, the Windows Firewall would re-engage. I thought SEP 14 RU1 (3752) would resolve this, but it doesn't. Both the Windows Defender Firewall and SEP Firewall show enabled.

     


    Symantec's article (https://support.symantec.com/en_US/article.TECH237177.html) says it is unknown why this is happening; but that they are aware and will update that document as information becomes available.  The only way I’ve been able to disable the Windows Defender Firewall is through Group Policy.  But the problem with doing that is if SEP is ever removed from an endpoint, for whatever reason, the Windows Defender Firewall will be off; leaving the endpoint without an engaged firewall.

     



  • 6.  RE: Windows Defender Firewall - SEP 14.0.1 (14 RU1) (Build 3752)

    Posted Nov 13, 2017 05:32 PM

    Hi,

    I upgraded one test machine to 1709. In my case, the Windows Defender Firewall remained off but the notation about endpoint managing the settings was gone. However, the Windows Defender Security Center in the system tray now has a green check mark. When I opened it, the categories "Virus & threat protection" and "Firewall & network protection" now say "Status unavailable, open Symantec Endpoint Protection for information." Also, in blue lettering, "Open Symantec Endpoint Protection" is shown in a larger font beneath the informational blurb I just noted.

    Windows seems to know Symantec is controlling things.

    CQ



  • 7.  RE: Windows Defender Firewall - SEP 14.0.1 (14 RU1) (Build 3752)

    Posted Nov 14, 2017 03:43 AM

    See this one:

    https://support.symantec.com/en_US/article.TECH247987.html

     

     

     



  • 8.  RE: Windows Defender Firewall - SEP 14.0.1 (14 RU1) (Build 3752)

    Posted Nov 14, 2017 09:24 AM

    I just read TECH247987. The article also references TECH123729. I ran  netsh advfirewall show global  on my W10 1709 machine and I see:


    Categories:
    BootTimeRuleCategory                  Windows Defender Firewall
    FirewallRuleCategory                  Windows Defender Firewall
    StealthRuleCategory                   Windows Defender Firewall
    ConSecRuleCategory                    Windows Defender Firewall

    Now I am totally confused. Windows Defender firewall is Off and SEP 14 RU1 firewall is On. Why am I seeing that the Defender firewall is controlling the 4 categories? Any insights appreciated.

    CQ
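
The check described in the post above, as an added example (not part of the thread and not Symantec or Microsoft code): it parses the category lines of `netsh advfirewall show global` and combines them with the Windows firewall profile state to tell apart the situations reported in this thread. The function names, the state labels and the `NativeName` default are assumptions of this example; the sample lines are the output quoted in the post.

```powershell
# Added example: who owns the firewall rule categories, and is the native firewall on?
function Get-FirewallCategoryOwner {
    param([Parameter(Mandatory)][string[]]$NetshOutput)
    $owners = [ordered]@{}
    foreach ($line in $NetshOutput) {
        # Category lines look like: "<Name>RuleCategory    <owning product>"
        if ($line -match '^\s*(\w+RuleCategory)\s{2,}(.+?)\s*$') {
            $owners[$Matches[1]] = $Matches[2]
        }
    }
    $owners
}

function Get-FirewallOwnershipState {
    param(
        [Parameter(Mandatory)]$Owners,
        [Parameter(Mandatory)][bool[]]$ProfileEnabled,  # one value per firewall profile
        # Assumption: display name on English Windows 10 1709; older builds say "Windows Firewall".
        [string]$NativeName = 'Windows Defender Firewall'
    )
    $native     = @($Owners.Keys | Where-Object { $Owners[$_] -eq $NativeName })
    $thirdParty = @($Owners.Keys | Where-Object { $Owners[$_] -ne $NativeName })
    $nativeOn   = $ProfileEnabled -contains $true
    $state = if ($Owners.Count -eq 0)     { 'NoCategoryLinesParsed' }
             elseif ($native.Count -eq 0) { 'ThirdPartyOwnsAllCategories' }
             elseif ($nativeOn)           { 'NativeOwnsCategoriesAndIsOn' }
             else                         { 'NativeOwnsCategoriesButIsOff' }
    [pscustomobject]@{
        State           = $state
        NativeOwned     = $native
        ThirdPartyOwned = $thirdParty
        NativeProfileOn = $nativeOn
    }
}

# Sample input: the category lines quoted in the post above (Windows 10 1709).
$sample = @(
    'Categories:',
    'BootTimeRuleCategory                  Windows Defender Firewall',
    'FirewallRuleCategory                  Windows Defender Firewall',
    'StealthRuleCategory                   Windows Defender Firewall',
    'ConSecRuleCategory                    Windows Defender Firewall'
)
$owners = Get-FirewallCategoryOwner -NetshOutput $sample
# The poster reported the Windows Defender Firewall as Off on that machine.
Get-FirewallOwnershipState -Owners $owners -ProfileEnabled @($false, $false, $false)

# On a live endpoint, feed real data instead of the sample:
#   $owners  = Get-FirewallCategoryOwner -NetshOutput (netsh advfirewall show global)
#   $enabled = [bool[]]@(Get-NetFirewallProfile | ForEach-Object { "$($_.Enabled)" -eq 'True' })
```

A `NativeOwnsCategoriesAndIsOn` result corresponds to the "both firewalls running" case from the earlier replies, and `NativeOwnsCategoriesButIsOff` to the state this poster describes.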



  • 9.  RE: Windows Defender Firewall - SEP 14.0.1 (14 RU1) (Build 3752)

    Posted Nov 15, 2017 08:22 PM

    This is the good article about it.  But we have to wait for the next SEP version.



  • 10.  RE: Windows Defender Firewall - SEP 14.0.1 (14 RU1) (Build 3752)

    Posted Nov 23, 2017 02:30 AM

    It gets even worse.

    When you install SEP 14.0.3752.1000 or 14.0.2415.0200 on the Win 10 1709 the firewall driver does not even get installed.

    If you hover over the system tray icon it states "Symantec Endpoint Protection" "Firewall driver is not loaded".

     

    I hope Symantec will not wait too long with a patch or update to solve the issues there are when installing SEP on Win 10 version 1709.



  • 11.  RE: Windows Defender Firewall - SEP 14.0.1 (14 RU1) (Build 3752)

    Posted Nov 23, 2017 11:39 AM

    @KSBE

    I have not seen "Firewall driver is not loaded" on the two machines I upgraded. However, they both had 14 RU1 installed BEFORE they were upgraded to 1709. I assume you did a fresh, managed install of 4 RU1 on a 1709 machine?

    What are you hearing from support on your case? Your comment seems to imply the only solution is to wait for the next SEP release. If true, I find that very disappointing......

    CQ



  • 12.  RE: Windows Defender Firewall - SEP 14.0.1 (14 RU1) (Build 3752)

    Posted Nov 27, 2017 03:33 AM

    @CQ

    We install it by creating a full exe package from the SEPM and then install it on our machines.

    Yes, correct, we only see the issue with the firewall when we install 14 RU1 on the Win 10 1709 version.

    We have also tested the previous SEP version, and there too the firewall does not get installed when installed on Win 10 1709.

     

    Some posts above, a link was posted by S_K where Symantec states that there is an issue and you need to wait for the next release.

    https://support.symantec.com/en_US/article.TECH247987.html

     

    I hope someone at Symantec reads this and they will act ASAP to solve the issue.

     

    Sidenote :

    I did create a support case, and they called me several times to say that they were investigating. Some time later the webpage (see the link) was posted and they called me a final time to say that they will close the case ..... I must say that the conversation was in English, but some of the conversation was lost due to a bad connection and the rather poor English. Next time I need to open a case, I will ask for e-mail or chat support and not phone support anymore.

     

     



  • 13.  RE: Windows Defender Firewall - SEP 14.0.1 (14 RU1) (Build 3752)

    Posted Feb 06, 2018 07:17 AM

    Hello, does anyone know whether a solution to this firewall situation has already been made available?


  • 14.  RE: Windows Defender Firewall - SEP 14.0.1 (14 RU1) (Build 3752)

    Posted Feb 06, 2018 08:53 AM

    The answer is in the link to the Tech article 247987.

     

    FYI : I'm now unsubscribed from this Post.