Facebook, Windows Update and some web server based applications do not work with Symantec Endpoint Protection (SEP) client.

book

Article ID: 158804

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

After the installation of a Symantec Endpoint Protection (SEP) client or change to its assigned policy, Facebook displays an "incompatible browser" error.  The Windows Update web site, and some web server based applications as well, no longer functions.

Cause

This is caused by the stealth settings in the Symantec Endpoint Protection (SEP) client firewall rule ->. Stealth mode settings (OS  Fingerprint Masquerading)

 

Some web sites and web server based applications use http headers to detect the operating system and browser version, to serve the right client side content (usually ajax and javascript).

Stealth mode OS fingerprint masquerading, prevents the web server and web server based applications from correctly detecting operating system and browser version, and this stops the web site or application from working properly.

Resolution

To disable stealth mode by policy:

  1. In the Symantec Endpoint Protection Manager (SEPM) console, open the "Policy" - "Firewall Policy" which you are using for client group in question
  2. In the Firewall Policy page, click Traffic and Stealth settings
  3. Uncheck Enable OS fingerprint masquerading.
  4. Click the "OK" button.
  5. Apply the policy to any affected client group