Symantec Endpoint Protection does not detect network applications if Base Filtering Engine service is stopped
Various Endpoint Protection firewall features may not work as expected: traffic from network applications is not detected. Configured prompts and actions (block/allow application traffic, or ask user) do not occur. Intrusion Prevention will not log suspicious traffic.
This will happen if the Windows Base Filtering Engine service is stopped.
The Base Filtering Engine (BFE) is a Microsoft service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.
Ensure that the Windows Base Filtering Engine service is running, then continue troubleshooting.
SEP can't detect some network applications.
SEP is not detecting network IPS attack
Imported Document ID: TECH161309
Subscribing will provide email updates when this Article is updated. Login is required.