It appears that many of our 2008 servers get the WIndows firewall ENABLED after the upgrade to SEP 12 (problem occurred on twelve servers over the weekend). The current SEP 11 server installation includes AntiVirus and Proactive Threat Protection. Server scans occur weekly. Real time scanning is disabled.
The server upgrade to version 12 ONLY installs virus and spyware protection. Servers scans run weekly and real time scanning is disabled here as well. We are installing SEP 12.1.1101.401 (RU1 MP1)
In our situation the Windows Firewall is ALREADY disabled. I need to understand if and why the Symantec upgrade is RE-ENABLING the WIndows firwall! This is a big problem for us. I did read a tech note, 97986 that talks about this to some degree. It was cited as a resolution, however I don't see that as being applicable in our case.
". . . To prevent this situation, SEP's installer automatically detects and disables Windows firewalls that are enabled. (The exception is, of course, if a custom install package is created which does not include NTP. If this Symantec firewall is not included in the install, an active Windows Firewall will not be disabled during install.)"
In our situation the Windows firewall is ALREADY disabled. According to the article, without NTP, the firewall WON'T be disabled. Is Symantec turning it back on since it detects that no firewall is running? If so, this is an ISSUE! I need to understand if and why the Symantec upgrade is RE-ENABLING the WIndows firwall.
Thanks,
Dino Ingram