Can the F-Secure PSB Computer Protection profile be used to force control of the Windows Firewall on / off state?
Can the Computer Protection profile be used to force the firewall on if the end user has turned it off?
The on/off state of the Windows Firewall can be fully controlled from the PSB portal settings profiles. To modify the state of the firewall, do as follows:
Log in to the PSB Management Portal
Go to the Profiles page
Click on the profile you want to edit (observe that profiles with the READ ONLY flag cannot be edited)
Select the Firewall page from the options on the left
Under General settings, set the Use Windows Firewall-setting to the desired mode (to prevent anyone from being able to modify the setting locally, click the lock-icon on the extreme right side of the setting, so that the lock is closed)
The Windows Firewall will always follow the setting in Computer Protection. Users with sufficient rights can turn the firewall on or off directly through the firewall settings in Windows, but it will be forced back again in a few seconds time.
Leaving the setting unlocked in the settings profile will allow for local settings to override the value stated in the profile, see the following examples:
Profile setting: firewall ON, setting unlocked Setting in Computer protection UI: OFF Result: the Windows Firewall will be forced OFF
Profile setting: firewall ON, setting unlocked Setting in Computer protection UI: ON Result: the Windows Firewall will be forced ON
Profile setting: firewall ON, setting locked Setting in Computer protection UI: Will be forced ON Result: the Windows Firewall will be forced ON