Disabling the Symantec Endpoint Protection client Network Threat Protection and Intrusion Detection System components

Article ID: 180675


Products

Endpoint Protection

Issue/Introduction

 

Resolution

Symantec Endpoint Protection (SEP) clients use two different technologies to protect computers from network attacks and exploit attempts: the Network Threat Protection (NTP) firewall and the Client Intrusion Detection System (CIDS) engine. It may be necessary to disable each of these technologies when troubleshooting network-related issues on computers protected by SEP.

Note: Disabling these features does not stop the associated drivers. It places them in a passthrough mode where network traffic is still passed through the drivers, but is not evaluated against any rules or definitions.

 

Disabling the NTP firewall

The NTP firewall can be set into passthrough mode either by disabling/withdrawing the client's Firewall policy, or by disabling the component in the local SEP client interface.

Note: Disabling/withdrawing the SEP client's firewall policy on clients in either client or mixed control mode will not disable the firewall, as the client is already using a locally configured firewall policy instead of one configured in the SEPM. Make sure clients are in Server control mode.

 

Disabling a client Firewall policy

  1. Login to the Symantec Endpoint Protection Manager (SEPM).
  2. Click Policies > Firewall and double-click the Firewall policy used by the clients you wish to disable the firewall on.
  3. Uncheck Enable this policy.
  4. Click OK to save the policy changes.

 

 

Withdrawing a client Firewall policy

  1. Login to the Symantec Endpoint Protection Manager (SEPM).
  2. Click Clients and select the Client group containing the clients you wish to disable the firewall on.
  3. Click the Policies tab.
  4. For each of the locations you wish to disable the firewall on:
  5. Click Tasks > Withdraw Policy next to the Firewall policy.

 

Manually disabling the NTP firewall on the client

  1. Open the Symantec Endpoint Protection client interface.
  2. Click Change Settings.
  3. Click Configure Settings in the Network Threat Protection section.
  4. Uncheck Enable Firewall and click OK.

 

 

Disabling CIDS

The CIDS engine can be set into passthrough mode either by disabling the component in the client's Intrusion Prevention policy, or by disabling the component in the local SEP client interface.


Disabling CIDS by policy

  1. Login to the Symantec Endpoint Protection Manager (SEPM).
  2. Click Policies > Intrusion Prevention and double-click the Intrusion Prevention policy used by the clients you wish to disable CIDS on.
  3. Click on Settings.
  4. Uncheck Enable Network Intrusion Prevention.

    Note: On SEP 12.1 and higher, you can optionally disable Browser Intrusion Prevention by unchecking Enable Browser Intrusion Prevention.
  5. Click OK to save the policy changes.

 

Manually disabling CIDS on the client

  1. Open the Symantec Endpoint Protection client interface.
  2. Click Change Settings.
  3. Click Configure Settings in the Network Threat Protection section.
  4. Uncheck Enable Network Intrusion Prevention.

    Note: On SEP 12.1 and higher, you can optionally disable Browser Intrusion Prevention by unchecking Enable Browser Intrusion Prevention.

  5. Click OK.