Filter
Top Products
150
Enforced Client Product Guide Troubleshooting
Frequently asked questions (FAQ)
8
How can I stop errors from showing up in my reports when automatic updates fail on systems
where no user is logged on?
For certain system configurations, automatic updates do not occur on systems where no user is
logged on. You can prevent these failed updates from being reported by configuring a policy
setting (see
Update computers where no user is logged on on page 55).
Firewall protection
Is there a “learn mode” to help me discover which Internet applications I need to approve?
Yes. When you first install the firewall protection service, select Prompt mode, then check the
Unrecognized Programs reports frequently to see which applications are detected on client
computers (see
Learn mode on page 116). After you add the ones you need to your list of
allowed applications, you can change to Protect or Report mode.
Is it okay to run the Windows firewall and the firewall protection service at the same time?
We recommend that you disable the Windows firewall when the firewall protection service is
running. (It is disabled automatically when the firewall protection service is installed.)
If both firewalls are enabled, the firewall protection service lists only a subset of the blocked IP
addresses in its
Inbound Events Blocked by the Firewall report. The Windows firewall blocks some
of these addresses; however, it does not report them because event logging is disabled in the
Windows firewall by default. If both firewalls are enabled, you must enable Windows firewall
logging to be able to view a list of all blocked IP addresses. The default Windows firewall log
is C:\Windows\pfirewall.log. In addition, there will be some duplication of status and alert
messaging.
How do I keep the firewall protection service from blocking certain Internet applications?
The policy management feature allows you to specify allowed Internet applications that will not
be blocked (see
Set up allowed Internet applications on page 121). Users can also specify
allowed Internet applications on their own computers if their policy allows.
I blocked Internet Explorer on a client computer, and then temporarily disabled the firewall
protection service. When I re-enabled the service, why was Internet Explorer no longer
blocked?
The firewall protection service uses Internet Explorer to update product components. Whenever
you enable the service, Internet Explorer is given
Full Access in order to check for updates.
Why does the firewall protection service ignore user settings, such as allowed Internet
applications? It did not ignore them last week.
If the previous policy allowed users to configure settings and the current policy does not, user
settings are ignored. However, user settings are saved on client computers. If the policy is later
updated to allow users to configure settings, their firewall protection service again recognizes
their settings, such as allowed Internet applications.
Why does the firewall protection service ignore settings configured by the administrator?
If the administrator configures Prompt mode, user settings take precedence over administrator
settings. The administrator can always add to the list of
Allowed Applications.