Endpoint Protection


 FWRunningStatus values

Tamas Dezso posted Oct 03, 2024 06:31 AM

Hi Team,

For troubleshooting reasons, I'd like to understand the values of the registry key FWRunningStatus under the hive:

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion\public-opstate

So far I have a clue about 0 and 1, but on some clients we have 2, which is failing on our VPN compliance checks.

Thank you in advance,

Tamás

Sherri Nichols  Best Answer

1 means Running; 2 means Disabled. 

Tip: You can view the human-friendly labels for various statuses using the SEPM console.  On the Clients page, select a group. On the right hand side, on the Clients tab, select 'Protection technology' in the View dropdown. You can view the statuses for AntiVirus, Firewall, SONAR, and more, as last reported by the client.  To see the last time the status was updated, select 'Default view' in the View dropdown, and look at the column Last Time Status Changed.

Hope this is helpful!

Tamas Dezso

Hi Sherri,

Thanks for the reply!

Indeed, it's FW disabled; I was able to test it. (In this case I saw the disabled status on SEPM.)

However, on the 2 endpoints where I have the issue, FW is enabled according to SEPM, the enabled tickbox is checked on the client, and we are also able to see FW logs locally.

Can it be some malfunctioning of the FW engine?

Is there any way to troubleshoot it?

Probably a reinstallation of SEP would solve it; I just want to avoid it and understand the behaviour.

It can have an effect on our VPN compliance checks for the future.

Thanks,

Tamás

Sherri Nichols

To investigate further, I'd recommend downloading and running the SymDiag tool on the affected client(s). The tool is great at helping SEP admins identify potential causes for a wide variety of issues, and is also excellent at gathering data to submit to Support if further diagnostics are needed. See KB https://knowledge.broadcom.com/external/article?legacyId=tech170752 for details.

Alternatively, you can enable debug logging on the client (SMC) and client firewall (Extended TSE debugging) manually. See KB https://knowledge.broadcom.com/external/article?legacyId=TECH102412 for details.  

Tamas Dezso

Thank you Sherri,

We managed to fix one endpoint, working on the second one.

Regards,

Tamás