ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Endpoint Protection doesn't manage Windows Firewall settings in Windows 10 Fall Creators Update


Article ID: 170369


Updated On:


Endpoint Protection


Symantec Endpoint Protection (SEP) doesn't manage the Windows Firewall settings in Windows 10 Fall Creators Update (version 1709). This situation causes a conflict between Windows and SEP firewall rules and results in unexpected application blocks.

SEP normally manages the Windows Firewall settings when the SEP firewall component is installed, as shown:

SEP 14 RU1 added support for Windows 10 Fall Creators Update. After SEP 14 RU1 is installed together with Windows 10 Fall Creators Update (version 1709), SEP doesn't manage the Windows Firewall settings. This view indicates Windows Firewall is still active, even though SEP firewall is installed:


The issue is caused due to incorrect access rights to query the Windows Firewall service status.


SEP 14 RU1

Windows 10 Fall Creators Update (version 1709)


A product fix has been released with the SEP 14.0 RU1 MP1 and SEP 12.1 RU6 MP10 versions.

As a workaround, disable the Windows Firewall rules that conflict with SEP firewall. Disabling Windows Firewall entirely is not recommended. Such a step disables DirectAccess protections provided even when SEP fully manages the Windows Firewall. See for more details about the firewall categories which SEP normally manages.