Symantec Endpoint Protection does not detect network applications if Base Filtering Engine service is stopped
Various Endpoint Protection firewall features may not work as expected: traffic from network applications is not detected. Configured prompts and actions (block/allow application traffic, or ask user) do not occur. Intrusion Prevention will not log suspicious traffic.
This will happen if the Windows Base Filtering Engine service is stopped.
The Base Filtering Engine (BFE) is a Microsoft service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.
Ensure that the Windows Base Filtering Engine service is running, then continue troubleshooting.
SEP can't detect some network applications.
SEP is not detecting network IPS attack
Rate this Article
This is machine translated content
Login to Subscribe
Please login to set up your subscription.
Didn't find the article you were looking for? Try these resources.