Symantec Endpoint Protection Manager (SEPM) is reporting on the Home Page under Endpoint Status clients as Disabled when the SEPM administrator has withdrawn the firewall policy. Clicking on Endpoint Status to see more details the client is reporting the firewall status as disabled.
The Endpoint Status on the Home Page will list the affected clients as disabled and clicking on details will show Firewall Status as Disabled for affected clients.
This occurs the first time you disable or withdraw the firewall policy from a client group and the firewall component on the client has never been disabled previously.
This issue is fixed in Symantec Endpoint Protection 12.1.6.4 - RU6-MP4. For information on how to obtain the latest build of Symantec Endpoint Protection, read:
TECH 103088: Download the latest version of Symantec Endpoint Protection
To work around the issue in the meantime the SEPM administrator can re-enable the firewall policy temporarily and send a command to the clients to disable / enable Network Threat Protection. Next time the policy is disabled, the clients will correctly show firewall status as "Disabled by policy" and SEPM will not report any problems.