Endpoint Protection

I have a couple of issues with the Symantec Endpoint, I have exported a Install package from the Symantec Endpoint Manager... And i added a Client Install Feauture Set, I unticked the Network Threat Protection See:

And i deployed the msi with the Group Policy to a bunch of Computers, but it seems as that the Nework Threat Protection installed anyway... See below... And when i get to the control panel (Action Center) i see that Symantec is running as the firewall.. but i want to use the Windows Firewall and not the symantec? What am i doing wrong?

Hello,

Once the installation is completed, please restart the machine and check again.

Secondly for Enabling Windows Firewall, check these settings in SEPM firewall policy.

1.Login to SEPM.

2. Click on Policies.

2.Click on Firewall. Highlight the policy in the right pane. Click on Edit the policy.

3. In Windows Integration tab, choose "Do Nothing" in Disable Windows Firewall.

Secondly, check these Articles:

Windows firewall is disabled after migration to a 12.1 RU2 client without NTP firewall feature

http://www.symantec.com/docs/TECH200415

How to disable windows firewall in Windows server 2008 R2 64 bit by setting in SEPM

http://www.symantec.com/docs/TECH183375

Using (Enabling) Windows Firewall with SEP NTP installed

http://www.symantec.com/docs/TECH197660

Hope that helps!!

The other thing to note is if the firewall piece is not installed it should be in use.

In the firewall policy on the Windows Integration tab, for Disable Windows Firewall set it to No Action

HI, what is the version of SEPM and the version of the package that you deployed?

If the package was created without NTP feature - after installation this feature should no appear at all - can you try recreating the install package again - before that please create a new Client Install Feature Set (again without Firewall) just to exlude policy corruption - maybe there was some problem here.

Already done these steps, its still not working

Thanks

Shane

Yes, we are experiencing the same issues.

What version of 12.1 is this happening on?

SEPM 12.1.1000.157 RU1

The version of the packed i deployed is 12.1000.157

Alright i am gonna try and create a new Client Install Feature, and install the Symantec again..

Thanks

Shane

Could it be picking up an inherited policy?

It's possible, you would need to check though to confirm.

HI,

Check the client group where sep client are showing.

Client Group -> Install Package...

any client package available

How to add or remove features to existing Symantec Endpoint Protection (SEP) client installations

http://www.symantec.com/business/support/index?page=content&id=TECH90936

Hello,

Could you please create a New package (without NTP) in .msi package (by unchecking the "Create a single .exe file for this package), check this Article:

http://www.symantec.com/docs/TECH165483

Once done, please check the setaid.ini to confirm if the NTP is getting installed in the package. Check this Article - 

http://www.symantec.com/docs/TECH102668

Hope that helps!!

All the the deployed clients goes into the OF group, and in this group, i have withdrwan the firewall and intrusion prevention.. 

I recreated the the installation package once again with the NTP, and the Application device disabled.It looks like it still something wrong, the NTP still gets installed.. There is something weird going on here.. : Its getting on my nerves :)

Hello,

Could you please create a New package (without NTP) in .msi package (by unchecking the "Create a single .exe file for this package), check this Article:

http://www.symantec.com/docs/TECH165483

Once done, please check the setaid.ini to confirm if the NTP is not getting installed in the package. Check this Article - 

http://www.symantec.com/docs/TECH102668

Hope that helps!!

The  policy assigned to the client group should not matter - even if FW policy is assigned here but the component is not installed on client it would not apply and certainly it would not force the client to install the feature.

I did do a .msi package but it still doesn't work.!

Here is the setaid.ini from the .msi package.. as we can see here the NTP is disabled?

; NOTE: Do not edit the config below
[PREDEFINED_SMC_CONFIG]
AppType=105
VendorID=4096
PlatformType=WIN64BIT
PackageChecksum=2ad33d83ea714bfa8593bfd4f540b2b9

; User configureable options
[CUSTOM_SMC_CONFIG]
InstallNewInstanceOnly=0
InstallUserInterfaceLevel=s
KeepPreviousSetting=1
InstallationLogDir=%TEMP%\SEP_INST.LOG
DestinationDirectory=
LaunchIt=1
AddProgramIntoStartMenu=0

OptOutRepSubmission=1
UIRebootMode=0
RebootSchedule=NOW
AutoReboot=true
RebootRandomize=true
RebootPromptMessage=The Symantec Endpoint Protection installation requires this computer to restart.
SnoozeInterval=60
RebootDisplayTimeout=60
RebootMethod=SERVER
RebootMinutes=180
Countdown=5
RebootDay=TODAY
RebootRandomizeHours=2
PromptType=COUNTDOWN
RebootMaxSnoozeCount=3
RebootPromptUser=true
HardReboot=true
[LU_CONFIG]
ServerProduct=SESM AntiVirus Client Win64
ServerLanguage=English
ServerVersion=12.1.1000
SequenceNumber=0
ServerMoniker={43EEFBAE-0AB4-F6D4-0039-BF120CC562DF}
ClientProduct=SESC AntiVirus Client Win64
ClientLanguage=English
ClientVersion=12.1.1000
ClientMoniker={D410C452-0AB4-F6D4-0039-BF12E41A5E54}
SequenceTag=PATCH
ShortName=spcAvClient64en_12_1
DisplayName=Symantec Endpoint Protection Win64 12.1.1000.157 (English)
CONNECT_LU_SERVER=0

[FEATURE_SELECTION]
Core=1
SAVMain=1
Download=1
OutlookSnapin=1
NotesSnapin=0
Pop3Smtp=1
PTPMain=1
TruScan=1
DCMain=0
NTPMain=0
Firewall=0
ITPMain=0
 

/Shane

Are these target computers clean installs or did they have already some older SEP version installed previously?

If there was, please have a check if in the client install setting the opiton: "Maintain existing client features when upgrading" is unchecked.

Have a look here:

http://www.symantec.com/docs/TECH90936

The computers are clean installs :)

/Shane

Application Control will show up under Network Threat Protection.
This is as designed.You can also see this by going to "add remove programs" and clicking modify,

Regards

Torb

Hi

What is the version you are installing ?

Regards

The version of the packed i deployed is 12.1000.157..

So I have tried all kind of workaround, still dont get it to work.. The only thng that work is when i install the symantec endpoint client, i have to on the control panel/add remove programs and modifie the installation..To not have the NTP installed..?? How do i not get the NTP installed from the beginning from the deployed MSI.. I tought the setaid config file, helped with this?

/Shane

shaniie - have you tried already to recreate the "Client Install Feature" policy - we discussed that before but I don't se eyour update on that. Can you confirm?

Can you check one more thing - for a test deploy a install package with a feature set from "Basic Protection for Servers" - this should have only the AV installed - does after deployment the Firewall gets installed here as well?

Are you deploying those package by Push Deployment - if yes can you manually copy the package to the target machine and execute - does the firewall component get installed as well?

I was thinking here about the posibility that the package you are sending out from SEPM is not the same as a package that arrives at target machine - some cached version of older package or so... but not sure if this is possible.

Hello,

I agree with the above comments.

In addition to above, could you also try installing an Unmanaged client setup from the SEP 12.1 DVD??

Symantec_Endpoint_Protection_12.1_Full_EN\SEP\Setup.exe

This unmanaged client can be later turned to managed by simply replacing the sylink.xml file.

http://www.symantec.com/docs/TECH157585

Hope that helps!!

hey Sebastian,,

I did recreate the Client Install Feature, but it still does not work :(

And i did the Basic Protection for servers, same thing here..The firewall gets installed anyway

/Shane

No no Push Deployment, i tried that tooo but still doesn't work..

And I am using Group Policy Sep64.msi to push the install out to clients,, same thing here the firewall gets installed dont matter how much i try with teh basic server install feature..

And i try manually to install the client but all features get installed anywayss. the only thing i can do to disable the firewall is to do i maanually from  the add remove programs/modify...

I tried restarting the SEPM service on the server, and then exporting a new package, but same o same?

I dont want to manually go and modify all the sep clients on all computers, to disable the NTP...

Any more help will be really appreciated..

/Shane