When Endpoint Protection 12.1 Firewall component is installed, computers briefly lose network connectivity after every boot

book

Article ID: 159320

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

When the Symantec Endpoint Protection 12.1 (SEP) firewall component is installed, computers briefly lose their network connection after every boot. When this issue occurs, the computer's network connection will begin working correctly again after a few seconds and this issue will not occur again until the next boot.

If the computer is booting from the network (as opposed to booting from disk), it is possible that this issue may prevent the operating system from loading properly.

Cause

SEP's firewall driver (teefer) does not have a boot flag associated with it. This causes Windows to start the firewall driver after the operating system has already started to load. When the firewall driver is loaded, a brief network interruption will be introduced.

Resolution

To work around this issue, it is possible to create a boot flag for SEP's firewall driver in order to cause Windows to load it earlier in the boot process. By loading the driver earlier in the boot process, this issue will be avoided.

Note: Backup the Registry before performing the steps listed below.

  1. If enabled, disable SEP's Tamper Protection feature. Tamper Protection will prevent the Registry change listed below. See KB document: How to disable Tamper Protection in Symantec Endpoint Protection 12.1
  2. Open the Registry editor
  3. Navigate to the following Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Teefer2
  4. Create a DWORD Registry value named BootFlags and set its value data to 1
  5. Enable Tamper Protection
  6. Reboot the computer to confirm this change resolved the issue