Firewall is not functioning correctly. Your protection definition may be damage or your product installation may be corrupt.
search cancel

Firewall is not functioning correctly. Your protection definition may be damage or your product installation may be corrupt.

book

Article ID: 384255

calendar_today

Updated On:

Products

Endpoint Protection Endpoint Security Complete

Issue/Introduction

Customer installed the Symantec Endpoint Protection [SEP] client but after reboot error is seen on the SEP UI 
""Firewall is not functioning correctly. Your protection definition may be damage or your product installation may be corrupt"

In the Setupapi.log file below error are seen

>>>  [Install network driver - symc_teefer2]
>>>  Section start 2024/11/04 16:39:20.300
      cmd: "C:\Program Files\Symantec\Symantec Endpoint Protection\14.3.9210.6000.105\Bin64\installTeefer.exe" -l 2 -s "C:\Program Files\Symantec\Symantec Endpoint Protection\14.3.9210.6000.105\Bin64\TeeferWin8\"
     dvi: Installing new driver
.
.
.
dvi: Selected driver:
     dvi:      INF path C:\WINDOWS\INF\oem277.inf
     dvi:      INF section Install
     dvi:      INF version 14.3.9505.7000
     dvi: {_SCAN_FILE_QUEUE} 16:03:20.180
     sig:      {_VERIFY_FILE_SIGNATURE} 16:03:20.183
     sig:           Key      = Teefer.sys
     sig:           FilePath = C:\WINDOWS\system32\DRIVERS\Teefer.sys
     sig:           Catalog  = C:\WINDOWS\System32\DriverStore\FileRepository\teefer.inf_amd64_1b07a813ea05472b\teefer.cat
!    sig:           Verifying file against catalog 'teefer.cat' failed.
!    sig:           Error 2: The system cannot find the file specified.

Environment

SEP 14.3 Ru6 

 

Cause

The machine had SEP 14.3.9687.7000.105 previously installed and then uninstalled. However, this uninstall seems to have left some junk behind. So, the 9210 i.e. 14.3 RU6 installation is still trying to find 9687 i.e. 14.3 Ru7 teefer.sys which does not exist. Causes 9210 i.e. 14.3RU 6 Teefer.sys installation failure.

 

Resolution

  1. Uninstall the SEP firewall from the System or uninstall the SEP client using clean wipe tool.
  2. Reboot the system
  3. Search and delete any of file with the name teefer under folder C:\WINDOWS\System32\DriverStore\FileRepository
  4. Delete the C:\WINDOWS\inf\oem277.inf
  5. Disable the Tamper protection
  6. From registry, back up and then delete "HKLM\system\currentcontrolset\services\teefer and teefer2"
  7. If exists Delete C:\Windows\SysWOW64\drivers\Teefer.sys , check if the same exists under "C:\Windows\System32\drivers".
  8. Reinstall SEP/Firewall component 
  9. Reboot the system