Hi,
In our environment we have upgraded the SEPM server from 12.1.RU3 to 12.1.4a. This will help us to protect our SEPM from the detected SQL Backend Injection Vulnerability.
We have upgraded our SEP Client from 12.1.RU1 to 12.1.4. We dont have Firewall Policy implemented howerver the Firewall component reported by 12.1.4 SEP client is shown as "Enabled"
On the other hand when we un-installed the SEP12.1.RU1 client with the help of cleanwipe utility and freshely installed the SEP 12.1.4 client, the firewall component status is correctly shown in SEPM as "Disabled by Policy"
Following is the status of Firewall Component on SEPM Server reporrted by SEP Clients (When Firewall Policy is disabled & Firewall componenet is installed in client package)
SEP 12.1.RU1 ------------------> Firewall Status (Enabled)
SEP 12.1.RU3 -------------------> Firewall Status (Disabled)
SEP12.1 RU4 upgraded from SEP 12.1 RU1 ------------------------> Firewall Status (Enabled)
SEP 12.1.RU4 Fresh installation -----------------> Firewall Status (Disabled by Policy)
It seems the SEP 12.1.4 client on the upgrade from 12.1.RU1 is refering old registry of RU1 client and reporting "Enabled" status eventhough Firewall Policy is disabled on Server.This behaviour is not observed during SEP 12.1.4 client fresh installation.
Regards,