After withdrawing or disabling the Firewall policy for a client group in the Symantec Endpoint Protection Manager (SEPM), the Symantec Endpoint Protection (SEP) clients in that group still indicate the Network Threat Protection (NTP) firewall is on.
Disabling or withdrawing a managed SEP client's Firewall policy does not disable the NTP firewall driver. The effect on the client's NTP component depends on whether the client is in Server control mode or in Client/Mixed control mode.
Clients in Server control mode will place their NTP firewalls into passthrough mode. This is to allow the NTP firewall driver to continue to work with the Intrusion Prevention System's (IPS) Active Response technology. Network traffic will still pass through the NTP firewall driver and will only be evaluated against the Active Response block list.
Clients in Client or Mixed control mode will continue to use their client-side NTP policy.
Imported Document ID: TECH162868