I am getting asked about client status based on the Symantec reports that are being sent to leadership. Basically, there are a couple of areas that are causing concern. The first is the status of the firewall. For all Windows machines, we use a GPO to enable the Windows firewall, and the SEP Firewall Policy is not enabled. However, the reports are showing about 2% of our machines as having the firewall disabled, while the remaining 98% show correctly as Disabled by Policy.
The second issue arising is that roughly 33% of our machines are showing up as "Tamper Protection Disabled or Malfunctioning" in the Security Status Summary that is sent out. When I look at any of the clients in the console using the Protection Technology view, all of the clients show Tamper Protection as Enabled. In addition, I can't drill down into the report to see the names of the actual clients reporting a disabled Tamper Protection, so I can't check any of the machines directly.
Any ideas on what I can try here?
Machines are all Windows 7 Enterprise, 64-bit. SEP version is 12.1.6, build 6608.