Using Windows Firewall with Endpoint Protection Network Threat Protection installed


Article ID: 157135


Products

Endpoint Protection

Issue/Introduction

When you deploy Symantec Endpoint Protection (SEP) with the Network Threat Protection (NTP) component to a Windows 7 or Windows Server 2008 machine, the Windows Firewall status appears to be disabled, and the Windows Firewall control panel displays the following message: "These settings are being managed by vendor application Symantec Endpoint Protection".

Network Threat Protection contains the firewall component.


Cause

In Windows 7 / Windows Server 2008 and later, Action Center replaces the Security Center. Action Center has a universal interface for displaying the status of the firewall, antivirus, and other security- and maintenance-related programs.

Resolution

This is the expected behavior of Symantec Endpoint Protection and computers running Windows 7 or later. The product is working as designed.

An installation of Symantec Endpoint Protection with Network Threat Protection automatically detects and disables Windows Firewall, if enabled. If you install Symantec Endpoint Protection without Network Threat Protection, an active Windows Firewall is not disabled.

To modify the status of the Windows Firewall:

  1. Log on to Symantec Endpoint Protection Manager.
  2. Create a new group specifically for the affected machines, such as Windows 7, and uncheck policy inheritance for this group under Clients > Group Name > Policies.
  3. Edit the Firewall policy and create a new Non-shared policy. You can also create a new policy under Policies > Firewall > Add a Firewall policy, and then assign it to your new group when finished.
  4. Click Windows Integration.
  5. Next to Disable Windows Firewall, select from the following options: 
    • No Action: Does not change the current Windows Firewall setting.
    • Disable Once Only (default): Disables the Windows firewall at startup the first time Symantec Endpoint Protection detects that the Windows firewall is enabled. On subsequent startups, Symantec Endpoint Protection does not disable the Windows firewall.
    • Disable Always: Disables the Windows firewall at every startup and enables the Windows firewall if the Symantec firewall is uninstalled.
    • Restore If Disabled: Enables the Windows firewall at startup.
    For Windows 7 and later, Symantec Endpoint Protection takes control of the Windows Firewall instead of disabling it. The Windows Firewall control panel displays the message "These settings are being managed by vendor application Symantec Endpoint Protection". However, the options available in this policy still function as expected.
  6. Click OK. 

Once the client's policy updates, changes to the Windows Firewall status take effect.
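
To confirm on a client what Windows itself reports after the policy update, a check along the following lines can be run in PowerShell. This is an added example, not part of the original article or of the Symantec product; the function name `Get-FirewallOverview` is hypothetical, and it assumes Windows 8 / Windows Server 2012 or later, where `Get-NetFirewallProfile` and `Get-CimInstance` are available.

```powershell
# Added example: summarize what Windows reports about its firewall state.
# Assumes Windows 8 / Server 2012 or later (Get-NetFirewallProfile, Get-CimInstance).
function Get-FirewallOverview {
    [CmdletBinding()]
    param()

    # Effective per-profile state of Windows Firewall (Domain, Private, Public).
    $profiles = Get-NetFirewallProfile -PolicyStore ActiveStore

    # Firewall products registered with Security Center. The namespace exists on
    # client editions only, so a failure here is reported rather than fatal.
    $products = @()
    try {
        $products = @(Get-CimInstance -Namespace 'root/SecurityCenter2' `
                -ClassName FirewallProduct -ErrorAction Stop |
            ForEach-Object { $_.displayName })
    } catch {
        Write-Verbose "Security Center query failed: $($_.Exception.Message)"
    }

    # Names of the profiles on which Windows Firewall is currently enabled.
    $enabled = @($profiles | Where-Object { $_.Enabled -eq 'True' } |
        ForEach-Object { $_.Name })

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        EnabledProfiles     = $enabled -join ', '
        RegisteredFirewalls = $products -join ', '
        # True when a registered firewall product and enabled Windows Firewall
        # profiles are both present: compare with the Windows Integration option.
        ReviewAgainstPolicy = ($products.Count -gt 0 -and $enabled.Count -gt 0)
    }
}

Get-FirewallOverview -Verbose | Format-List
```

The `ReviewAgainstPolicy` flag only indicates that the reported state should be compared with the option selected in step 5; it does not by itself mean that two firewalls are filtering traffic.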

Note: As a best practice recommendation, you should only use one software firewall on a computer. Two software firewalls running on a computer might drain resources and one software firewall might have rules that conflict with the other. Enabling more than one firewall program is likely to result in conflicts and poor performance.

 

Applies To

 

  • Symantec Endpoint Protection with Network Threat Protection, with the firewall enabled
  • Windows 7, Windows Server 2008 and later
