Symantec Endpoint Management (EPM) Partners Community

Problem

You install Symantec Endpoint Protection 11.0 without Network Threat Protection on a Windows 7 machine.

Windows 7 Firewall indicate that "These Settings are being managed by vendor application Symantec Endpoint Protection, even when Symantec Endpoint Protection (SEP) 11.0 Network Threat Protection (NTP) is not installed.

In the Windows 7 Firewall, Domain networks shows "Connected" with a Red "X", Home or Work (private) networks shows "Not Connected" with a Red "X" and Public networks shows "Connected" with a Red "X". even though Symantec Endpoint Protection Network Threat Protection is not installed.

You notice that on the Advanced settings screens of the Windows Firewall Control Panel indicates that the Windows Firewall is "On"

This behavior differs from that in XP, as in XP the Windows firewall is explicitly off.

ERROR

 "These Settings are being managed by vendor application Symantec Endpoint Protection".

Cause of the this Error:  

The behavior of Windows 7 in regards to 3rd party firewalls (such as SEP) differs slightly than previous versions of Windows. In Windows 7, Microsoft changed Security Center to Action Center. In Action Center, a more universal interface was created for protection technology (Firewall, Antivirus, etc). Windows Firewall is indeed turned off when SEP NTP is enabled, indicated by the Installed Firewall list, as well as the General Firewall status section indicating that firewall rules are being managed by SEP. To verify the true Windows Firewall status: Open Action Center -> Expand "Security". Find line item "Network Firewall On". Below is a link "View installed firewall programs": Symantec Endpoint Protection is listed as installed and On, Windows firewall is listed as installed and Off

Solution  

This is expected behavior, and both SEP 11.0 and the Windows 7 firewall are working as intended.

However, incase you would like to change the settings, then perform the steps given below:

1) Create a New Group specifically for "Windows 7" machines in the Symantec Endpoint Protection Manager 11

2) Move all the Windows 7 Machines from their Respective groups to the group created specifically for "Windows 7" machines.

3) Once all the above steps are completed, Go to the Policies Tab for the specifically "Windows 7" machines.

4) Open the "Firewall Policy" and Click on "Create Non-shared from Copy"

5) Uncheck the Box that states "Enable this policy" and Click on "OK" button.

You will see the Firewall Policy gets grayed out. (as shown below)

6) Click on Tasks next to Firewall Policy [non-shared] and click on "Withdraw Policy" and then Click on "Yes".

7) You will see the Firewall Policy completely removed from the Policies TAB of the "Windows 7" group.

Once completed with the above steps, within sometime we will see the Windows 7 Firewall Settings will be with Green Check and the Message ""These Settings are being managed by vendor application Symantec Endpoint Protection" disappear.