Endpoint Protection Small Business Edition

 View Only
Back to discussions
Expand all | Collapse all

Windows Firewall and SEP both report they're turned off

  • 1.  Windows Firewall and SEP both report they're turned off

    Posted Apr 04, 2011 12:28 PM

    We've recently installed Symantec Endpoint Protection Small Business Edition (12.0.1001.95) with a variety of server and notebook clients.

    All seems to be working well, but today my notebook (running Windows 7) has flagged up a problem in the Action Center, saying 'Windows Firewall and Symantec Endpoint Protection both report that they are turned off'. Clicking on the 'View firewall options' button allows me to turn on either the Windows Firewall or Symantec Endpoint Protection, but neither option seems to do anything. Nothing has been changed on the server or my notebook.

    The firewall policy is as default, where it's not actually enabled. I've found the article http://www.symantec.com/connect/articles/windows-7-firewall-indicate-these-settings-are-being-managed-vendor-application-symantec-en which describes precisely the problem I have, but applies to SEP 11.0. The workaround provided isn't applicable to SEP SBE 12.0. The article says that this is just a quirk when the client is running Windows 7 and that the Windows Firewall is actually turned on. Is this still the case with 12.0?

    Is there a way to avoid having Windows telling me I have no firewall enabled?

     

    Thanks.



  • 2.  RE: Windows Firewall and SEP both report they're turned off

    Posted Apr 04, 2011 04:55 PM

    Since SEP 12 is based off a previous version of SEP 11, I believe the behavior is going to be the same. The workaround will not apply to SEP 12 due to the fact that some of the features have been removed to simplify the product.

    I will continue looking for more information on this, and get back to you.

     

    Thomas



  • 3.  RE: Windows Firewall and SEP both report they're turned off

    Posted Apr 05, 2011 06:11 AM

    The 'Windows Firewall and Symantec Endpoint Protection both report that they are turned off' message isn't showing today; it's reporting the Symantec Endpoint Protection as being on but the Windows Firewall as off. As the firewall policy isn't enabled I'm not sure whether that means I have a firewall on my machine or not.

    Thanks, Neil.



  • 4.  RE: Windows Firewall and SEP both report they're turned off

    Trusted Advisor
    Posted Apr 05, 2011 08:39 AM

    Hello,

    To check if the Network Threat Protection (Symantec Firewall) is Turned on or off?

    Simple Open the Symantec Endpoint Protection 12 and under status page, you will see "Network Threat Protection" shown with green check and it says 'ON'.

    If incase, you have disabled the Symantec Firewall policy from Symantec Protection Center, it means that the Network Threat Protection on the SEP Clients machine is not enabled or disabled (even if the feature is installed).



  • 5.  RE: Windows Firewall and SEP both report they're turned off

    Posted Apr 05, 2011 09:47 AM

    The Network Threat Protection is on, but the policy for the firewall defined in Symantec Protection Center is not enabled - the default setting.



  • 6.  RE: Windows Firewall and SEP both report they're turned off

    Trusted Advisor
    Posted Apr 05, 2011 10:35 AM

    Hello,

    Open the Symantec Endpoint Protection 12 and under status page, you will see "Network Threat Protection" shown with green check and does it says 'ON'?

    If it says 'ON', Network Threat Protection (Firewall) is ON and enabled.

     



  • 7.  RE: Windows Firewall and SEP both report they're turned off

    Posted Apr 05, 2011 10:51 AM

    Yes, the status is shown as On, but how does that tally with the firewall policy not being enabled in the Protection Center? That suggests to me that the Symantec firewall has been enabled on the client at the expense of the Windows firewall, but no firewall rules have been setup and therefore the client is potentially vulnerable (although being behind a NAT router I'm not overly concerned).

    To be honest, when I added the first few clients through the Protection Center I didn't install the Network Threat Protection application as all our notebooks have Windows 7 installed and have been using the built in firewall. I later included the Network Threat Protection module as the 'Endpoint Status' chart in Protection Center showed all clients as disabled without it, thus masking whether or not the anti-virus software on the client machines was up to date.

     

    Thanks.



  • 8.  RE: Windows Firewall and SEP both report they're turned off

    Trusted Advisor
    Posted Apr 05, 2011 11:12 AM

    Hello,

    Check this...

     

    SEP 12 and firewall policies
     
    http://www.symantec.com/business/support/index?page=content&id=TECH123002
     
    How the Firewall policy applies to your groups in SEP 12
     
    http://www.symantec.com/business/support/index?page=content&id=TECH123003
     
     
     
     
    Hope that helps.


  • 9.  RE: Windows Firewall and SEP both report they're turned off

    Posted Apr 05, 2011 12:17 PM

    I'll look into enabling the policy for our notebooks, but I'm still not sure if the built-in Windows firewall is actually turned on or not. Looking at the 'Windows Firewall with Advanced Security' window (as mentioned in the link in my original post) it claims that it is, so I'm a bit reluctant to now configure another firewall and end up with 2 firewalls running.

     

    Thanks.



  • 10.  RE: Windows Firewall and SEP both report they're turned off

    Trusted Advisor
    Posted Apr 05, 2011 12:48 PM

    Hello,

    It is always recommended to have only 1 software firewall on the Machine. 

    It is best practice that only one software firewall should be run on a computer. Two firewalls that run on one computer at the same time can drain resources, and the firewalls might have rules that conflict with each other. Enabling more than one firewall program is likely to result in conflicts and poor performance. 

     

    Check this:

    About Windows Firewall and Symantec Endpoint Protection's NTP

     

    http://www.symantec.com/business/support/index?page=content&id=TECH97986


  • 11.  RE: Windows Firewall and SEP both report they're turned off

    Posted Apr 06, 2011 04:11 AM

    Yes, I only want to have one firewall enabled, but I'm trying to determine which firewall that is.

    I'm in the situation outlined in this document - https://www-secure.symantec.com/connect/articles/windows-7-firewall-indicate-these-settings-are-being-managed-vendor-application-symantec-en - where the Symantec firewall is installed but the policy is not enabled, and yet it appears to have turned off the built in Windows firewall. However, according to this article, the Windows firewall is still enabled, but that applies to SEP 11 rather than SEP 12 and the workaround given isn't applicable.

    What I would like is to just have the Windows firewall enabled, and be sure that it is enabled. I know I could remove the Network Threat Protection module, but if I do that then Symantec Protection Center just shows all the clients as disabled rather than showing whether their anti-virus software is up to date or not. which makes it rather pointless.

    Thanks.



  • 12.  RE: Windows Firewall and SEP both report they're turned off

    Trusted Advisor
    Posted Apr 06, 2011 09:29 AM

    Hello,

    This document is for the Symantec Endpoint Protection 11 and not for your Symantec Endpoint Protection SBE 12.

    Did you say, "Removing the Network Threat Protection module from the SEP, then Symantec Protection Center just shows all the clients as disabled rather than showing whether their anti-virus software is up to date or not."?

    That seems to be a Bug in the Software and Symantec is already working on it. Check the symantec knowledgebase Article below:

     

    Client Endpoint Protection Status is "disabled" on the home page in the Symantec Protection Center when firewall is not installed
     
    http://www.symantec.com/business/support/index?page=content&id=TECH123000
     
     
    Hope that works for you.


  • 13.  RE: Windows Firewall and SEP both report they're turned off

    Posted Apr 06, 2011 11:32 AM

    I notice that article is showing as being created on 4th Jan 2010! If that's the case, is there ever likely to be a fix?

    And is there no equivalent workaround for the firewall status in version 12 as there is in version 11? I'd really like to know which (if any) firewall I have running.



  • 14.  RE: Windows Firewall and SEP both report they're turned off
    Best Answer

    Trusted Advisor
    Posted Apr 07, 2011 08:59 AM

     

    Hello Neil,

    I understand. However, as of now all I know is that Symantec Engineers are working on the same to get this  issue fixed.

    To Answer your Question, 

    I would say, In case, if you have not Installed Symantec Network Threat Protection, you can Enable the Windows Firewall.

    If you have Installed Symantec Network Threat Protection Feature, you can have Windows Firewall Disabled and get fully Protected by Symantec Firewall.

    The issue stated above is just limited to the Home Screen and nothing more. 

    It does not mean Symantec is disabled. 

    You are Fully Protected by Symantec.



  • 15.  RE: Windows Firewall and SEP both report they're turned off

    Broadcom Employee
    Posted Apr 07, 2011 11:49 AM

    This issue was noticed in 2 SEP 12.0.x releases (12.0.122.192 and 12.0.1001.95). The last was released in November 2009 (see https://www-secure.symantec.com/connect/articles/what-are-symantec-endpoint-protection-sep-versions-released-officially) - the next release would be 12.1 codename "Amber" which is planned to be released in few months (summer this year).



  • 16.  RE: Windows Firewall and SEP both report they're turned off

    Posted Apr 07, 2011 12:21 PM

    Ok, I'll just enable the policy for the Symantec firewall and leave it at that.

    Thanks.