Meraki

Community

FW Not Installed is the reason for security audit failure

Solved
cmiarshvac
Getting noticed
‎Dec 28 2017 12:36 PM
‎Dec 28 2017 12:36 PM

FW Not Installed is the reason for security audit failure

I have a Client Security Report run every week.  In the Security Policy under the Desktop section,  i have the Firewall Enabled option  "checked".  For all of my Windows 10 clients, the Windows Firewall is enabled.  The security report shows that each W10 client fails for these reasons: "FW not Installed"; "FW not enabled".  Does anyone know what is settings is being interrogated to confirm Firewall is Installed and Enabled on Windows 10 clients?  

0 Kudos
1 Accepted Solution
In response to cmiarshvac
rguthrie
Getting noticed
‎Jul 6 2018 7:38 AM
‎Jul 6 2018 7:38 AM

Bonjour @cmiarshvac 

I actually dealt with Meraki support yesterday over this issue.  They had me run this command at a DOS prompt (it's the command that the agent used to check complaince)

 

WMIC /Namespace:\\root\SecurityCenter2 Path AntiSpywareProduct Get * /Format:List

 

That should listdisplayName=Windows Defender and productState=397568 (product state might vary... would have to confirm with Meraki)

 

If it doesn't list Windows Defender open a ticket with them... but if it does like mine did, they had me turn off the Defender on the system in question and turn it back on.  What I did was disable all part of defender, waited a few minutes and rebooted.  The reboot turns the Real Time Protection back on by default, and I manually turned on the other components.  My system showed up secure and compliant within an hour!! 

View solution in original post

0 Kudos
6 Replies 6
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Jan 9 2018 12:35 PM
‎Jan 9 2018 12:35 PM

What AV are you using, some antivirus software disables windows firewall and run their own version. 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
In response to BlakeRichardson
cmiarshvac
Getting noticed
‎Jan 9 2018 12:50 PM
‎Jan 9 2018 12:50 PM

Hello Blake,

I am running Webroot. I asked them about their firewall interaction. Their response: "Webroot's firewall only covers outbound traffic as we utilize Windows Firewall to cover inbound traffic."
0 Kudos
In response to cmiarshvac
rguthrie
Getting noticed
‎Jul 5 2018 9:16 AM
‎Jul 5 2018 9:16 AM

Greetings~ was any resolution found for this issue?  Currently, I have a baseline Windows 10 Client that does not have any 3rd party AV. Windows Defender and Windows Firewall are both enabled / running / updated....  but it is also failing due to "FW not installed, FW not enabled, AV not running".

0 Kudos
In response to rguthrie
cmiarshvac
Getting noticed
‎Jul 6 2018 7:28 AM
‎Jul 6 2018 7:28 AM

No resolution yet.  If someone from Meraki could comment about what is being queried to confirm FW and AV being enabled we might be able to adjust settings to get a good report.  

0 Kudos
In response to cmiarshvac
rguthrie
Getting noticed
‎Jul 6 2018 7:38 AM
‎Jul 6 2018 7:38 AM

Bonjour @cmiarshvac 

I actually dealt with Meraki support yesterday over this issue.  They had me run this command at a DOS prompt (it's the command that the agent used to check complaince)

 

WMIC /Namespace:\\root\SecurityCenter2 Path AntiSpywareProduct Get * /Format:List

 

That should listdisplayName=Windows Defender and productState=397568 (product state might vary... would have to confirm with Meraki)

 

If it doesn't list Windows Defender open a ticket with them... but if it does like mine did, they had me turn off the Defender on the system in question and turn it back on.  What I did was disable all part of defender, waited a few minutes and rebooted.  The reboot turns the Real Time Protection back on by default, and I manually turned on the other components.  My system showed up secure and compliant within an hour!! 

0 Kudos
In response to rguthrie
cmiarshvac
Getting noticed
‎Jul 6 2018 8:01 AM
‎Jul 6 2018 8:01 AM

Thanks for the follow up. I will give this a try.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
© 2024 Cisco Systems, Inc.