Windows 10 Security Center Shows Red x Icon On Firewall & Network Protection with SEP Installed Machine - NETSEC

Latest

Learning, Sharing, Creating

Cybersecurity Memo

Friday, May 15, 2020

Windows 10 Security Center Shows Red x Icon On Firewall & Network Protection with SEP Installed Machine

Encountered this issue recently while testing policy. This post is to record the solution for my reference.

The notification and description on this issue in Windows Security is quite confusion. It mentions actions needed in Symantec Endpoint Protection.

But if you open SEP, it will just show you Your Computer is protected and no problems detected.



After you clicked Firewall & Network Protection, you will see all of your three networks (Domain, Public, Private) having same red x icon. If you continue clicking into one of network, you will see Symantec Endpoint Protection is snoozed. There is Turn on button, but no matter how you click to it, it will do nothing.



Eventually after a good search, I found Broadcom (Previously Symantec) has a kb to show how to resolve this known issue - Red X in Windows Security Center with 14.2+ firewall disabled by policy. And it has been resolved by next release 14.2 RU2.


Cause:
After the SEP Firewall is disabled by policy, the client does not set the Windows Security Center Firewall (WSC) status to "WSC_SECURITY_PRODUCT_STATE_OFF" as a result the Windows Security Center reports a red x.  The client sets the WSC status to an unexpected value:  "WSC_SECURITY_PRODUCT_STATE_SNOOZED".
 Environment:
  • SEP client with Firewall component installed and disabled by policy from manager
  • Client versions 14.2 RU1 and newer
  • Various versions of Windows 10
 Solution:

  • A permanent solution is to upgrade to 14.2. RU2 or later, such as , 14.2.2 MP1, or 14.3.0
  • A temporary solution is to uncheck Firewall from your feature set.





No comments:

Post a Comment