After the installation of a Symantec Endpoint Protection (SEP) client or change to its assigned policy, Facebook displays an "incompatible browser" error.  The Windows Update web site, and some web server based applications as well, no longer functions.

This is caused by the stealth settings in the Symantec Endpoint Protection (SEP) client firewall rule ->. Stealth mode settings (OS  Fingerprint Masquerading)

Some web sites and web server based applications use http headers to detect the operating system and browser version, to serve the right client side content (usually ajax and javascript).

Stealth mode OS fingerprint masquerading, prevents the web server and web server based applications from correctly detecting operating system and browser version, and this stops the web site or application from working properly.

To disable stealth mode by policy:

1. In the Symantec Endpoint Protection Manager (SEPM) console, open the "Policy" - "Firewall Policy" which you are using for client group in question
2. In the Firewall Policy page, click Traffic and Stealth settings
3. Uncheck Enable OS fingerprint masquerading.
4. Click the "OK" button.
5. Apply the policy to any affected client group