Quantcast
Channel: Symantec Connect - Endpoint Protection - Discussions
Viewing all articles
Browse latest Browse all 10484

Symantec Endpoint Protection failing to write to firewall logs after importing firewall rules using smc.exe

$
0
0
I need a solution
Hello all.
 
After importing the Firewall rules stored in a .sar file using smc.exe, the firewall log does not work. I tried this command:
 
"smc.exe -importadvrule "firewallrule.sar""
 
This imports the firewall rule successfully, but it prevents the Firewall log from working. Restarting the computer does not help. The firewall log contains the logs from before applying the new rules.
 
After importing the firewall, if I make any change to the firewall using the GUI, including moving a rule up or down, and then saving the firewall, SEP starts logging the network traffic again.
 
In the Debuglog.txt, I see the below lines as being particularly relevant:
 
2013/12/05 16:28:25.601 [1912:1956] LogonUserImpersonator: on C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\Smc.exe , 
2013/12/05 16:28:25.601 [1912:1956] LogonUserImpersonator:Cannot open process 0, err = 87
2013/12/05 16:28:25.601 [1912:1956] LogonUserImpersonator:Cannot open process 4, err = 5
2013/12/05 16:28:25.601 [1912:1956] LogonUserImpersonator:ImpersonateThisProcess  on 000004C4
 
The process id for 0 and 4 are the "System Idle Process" and the "System" process, respectively. These lines may not be the issue, but it was the only difference between the smc.exe imported firewall rules and the manually added rules using the GUI. 
 
These four lines begin the process of importing the firewall rules. The Debug log from line 655 to the end concern the firewall importing.
 
 
 
 
Importing a .xml file does not work either.
 
I am trying to automate this process on the system, so any command line solution would be appreciated.
 
 
 
Attached are the debug log and the troubleshooting logs. Note that the debuglog.txt does not contain the successful importing of the firewall using the GUI, it only has the command line importing.
 
This system does not connect to the Internet and does not use LiveUpdate.

Viewing all articles
Browse latest Browse all 10484

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>