Symantec SEP Turn off Firewall 14.2.0

el2493
Contributor III

About 2 weeks ago, a large percentage of our lab computers stopped checking in with the JSS (they would perform login/logout hooks, but no check-in). After working with Nathan in Jamf, he quickly helped me figure out that if a computer updated SEP to 14.2.0 (we initially installed 14.0.1) it would then have Firewall functionality (https://support.symantec.com/en_US/article.TECH250508.html) and it would be turned on. As soon as I turned it off, the computers immediately were able to check in.

The issue now is finding out how to script turning off the firewall. I just started looking into this, but I figured I'd reach out in case anyone else ran into this same issue and had any experience disabling features in SEP. If nothing else, maybe someone else is experiencing this same issue and this might help them out.

Thanks!


el2493
Contributor III

In case anyone else runs into this issue, I called Symantec and they said there wasn't any way to turn off Firewall in a script (which to me means there probably is but isn't something they'd recommend doing). They did say that if our Symantec clients were managed (they are, we have an SEPM server) that we could disable it using the following steps with SEP Manager:

  1. Log in to the Symantec Endpoint Protection Manager
  2. Go to the clients tab
  3. Create a group for the Mac client if there isn't one
  4. Now get to the Mac client group and un-check inheritances
  5. Under selected group go to policies and create a non-shared policy for Firewall
  6. Now uncheck Enable this policy.

I'm not sure whether our SEP Administrator followed those exact steps or did something different (I think they mentioned something about copying the policy or rule that was in place for Windows computers), but almost immediately after they made the change the affected computers started checking in again.