I have Symantec Endpoint Protection Cloud 18.104.22.168 clients with the default “Symantec recommended system policy” and “Symantec recommended security policy” applied to all users & devices. The “Symantec recommended security policy” as shown in the portal continues to include Network Protection settings of “Firewall = on”, “File and Printer Sharing = on”, and “Remote Desktop Connection = on”, and this has been working successfully and as expected for months.
Today, literally while I’m Remote Desktop’d into one of the managed devices, the ability to use File and Printer Sharing to access shares being hosted from that device stopped working. The Remote Desktop connection continued to work fine. After figuring out it wasn’t a name resolution failure, a LAN trace confirmed that the connection attempt is now being refused by the SEP Cloud-protected machine.
The SEP Cloud client shows plenty of “Firewall rules updated” events with status “detected”, but these were happening back when access was still allowed, too. There is no detail provided in these events; no indication of “what” was updated about the firewall rules. I do see where the client picked up a “Symantec Revocation Reputation List” and “SONAR Updates x64” update this morning, but that is not unusual either, and hasn’t resulted in the “File and Printer Sharing = on” setting being ignored before.
Where can I display the detail of whether the client thinks “File and Printer Sharing = on” support is in effect or not? The “Advanced” display just shows “Smart Firewall = On”, and doesn’t show what it thinks the state of the security policy actually is.
Where can I display the detail of what changed in the firewall rules during these “Firewall rules updated” events? There is no detail provided other than date and time for these events.