Endpoint Protection

 View Only
Back to Library

How to disable SEP features at client GUI in SEP  

Sep 07, 2011 05:30 AM

Updated on 12th June'13

 

Hi,

By deafult all the SEP features are accessible to end user.

Let's see one by one.

 

1) Disable all Virus and Spyware protection features is enable by default.

 

 

 

To disable Virus and Spyware protection feature access on SEP client

Go to SEPM --> Policies ---> Virus & Protection policy – Balanced --> Protection Technology-->Auto-protect --> Lock Enable auto-protect

 

 

 
Confirm on Client, as you can see tab is grayed out.
 
 
 
 
 
 
 

 

2) Disable Proactive Threat Protection is also enable by default 

 

Go to SEPM -->Policies --> Virus & Protection policy – Balanced -->Protection Technology-->SONAR  -->Lock SONAR

Confirm on client, as you can see tab is grayed out.

 

 

 

3) Disable Network Threat Protection access on SEP client.

 

Go to Specific group --> Policies --> Location specific setting --> Client user interface settings --> Edit settings -->  Uncheck allow user to enable and disable firewall

Check on client, as you can see tab is grayed out.

 

 

4) Disable Symantec Endpoint Protection feature is also enable by default. 

 

1) In SEPM, under Virus and Protection policy lock all the items which are unlock

or

Select Virus and Protection policy- High security, it will lock all the items as a policy.

2) Go to Specific group --> Policies --> Location specific setting --> Client user interface settings --> Edit settings --> Uncheck the following two options

i) Allow user to enable and disable firewall

ii) Allow user to enable and disable application and device control policy.

3)  You also need to perform the following In the Policies tab of the SEPM:

1. Click  Intrusion Prevention Protection policy.

2 .Click Setting, then lock this feature by clicking the lock symbol next to Enable Network Intrusion Prevention and Enable Browser Intrusion Prevention.

3. Click OK

Check on client, as you can see tab is grayed out.

 

 

For Small Business Edition check this artilce:

How to block a user's ability to disable Symantec Endpoint Protection Small Business Edition on Clients

http://www.symantec.com/docs/TECH172434

Statistics
0 Favorited
3 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

ℬrίαη
Jan 21, 2014 11:29 AM

No problem, always glad to help!

take care

Migration User
Jan 21, 2014 11:27 AM

Well...What a rookie error. I simply didn't see them.

That worked. Thanks for taking the time to help, really appreciate it.

Chetan Savade
Jan 21, 2014 10:55 AM

Lock is very important in this process.

Under Antivirus and Antispyware policy out of three policies one of them is with High Security.

In the High Security policy all the locks are by default selected. Apply the policy and see the results.

ℬrίαη
Jan 21, 2014 10:21 AM

You need to close the locks in the policy. That will stop the users from being able to change on the client side.

Migration User
Jan 21, 2014 10:20 AM

Hi

Thanks for the quick reply.

After making any changes I first waited for the policy serial to update in the management console, then did an Update Policy from the client, wait for the clients policy serial to update in the management console. I'd then check if the changes had taken effect. If they hadn't taken effect, I'd do a reboot of the client and check again.

I've attached screenshots I've just made of the settings from the management console.

 

ℬrίαη
Jan 21, 2014 10:04 AM

See if this article helps:

How to block a user's ability to disable Symantec Endpoint Protection on Clients

http://www.symantec.com/docs/TECH102822

Has the client picked up the policy change from the SEPM?

Migration User
Jan 21, 2014 10:03 AM

I know this is an old article but I've followed every step by the original poster and not a single option has been disabled.

We are using 12.1.4013.4013 and they are installed in computer mode.
 

 

AjinBabu
Sep 20, 2013 12:31 AM

Nice article Chetan.

Migration User
Jul 17, 2013 05:18 AM

dear chetan 

the artical is really helpful 

Chetan Savade
Jun 12, 2013 06:07 AM

Hi,

For Small Business Edition check this article:

How to block a user's ability to disable Symantec Endpoint Protection Small Business Edition on Clients

http://www.symantec.com/docs/TECH172434

Chetan Savade
May 23, 2013 09:10 AM

Thanks to all !!!

Ambesh Sharma
Feb 13, 2013 10:57 PM

Again Good one..

Nice and helpful Chetan,

Thanks a lot for the sharing..

Migration User
Feb 13, 2013 10:15 PM

Dear All,

 

Thanks for info. :)

Migration User
Feb 10, 2013 11:42 AM

Greate Artical..

ℬrίαη
Feb 10, 2013 07:53 AM

You can use the application and device control policy to protect the client registry and services from being stopped. If you have tamper protection enabled, this will also prevent this as well.

Migration User
Feb 10, 2013 07:50 AM

No this type setting not available you can't provide password

Migration User
Feb 10, 2013 07:35 AM

Hi Chetan,

Thanks for your info :)

but i have another question, can we give password when client trying to disabled antivirus ?

I can do this for uninstall, but for disabled I cannot find where is the setting :(

Migration User
Feb 07, 2013 06:33 AM

i had the same problem, i could not understand that "locker's sign" is clickable! But now it works fine.
i think other people can meet the same manual misunderstanding.

Chetan Savade
Feb 05, 2013 05:48 AM

Hi,

This article is specific to SEP 12.1.

For SEP 11.x you can refer this article

How to block a user's ability to disable Symantec Endpoint Protection on Clients

http://www.symantec.com/docs/TECH102822

pete
Feb 05, 2013 04:37 AM

what is that you not seeing? can you post the screen shot?
are you referring tio point 3 ?

Migration User
Feb 05, 2013 04:09 AM

Dear Chetan,

I cannot find your setting for point 4. Fyi, iam using SEPM 11.7

could you help me ...

John Santana
Oct 31, 2012 11:14 PM

thanks man !

Migration User
Sep 20, 2012 12:24 PM

Good Article

Chetan Savade
Apr 27, 2012 03:33 AM

Thanks everyone for comments  !!!

Srikanth_Subra
Jan 25, 2012 03:15 AM

Nice one

Migration User
Jan 24, 2012 05:38 AM

nice article

Migration User
Dec 13, 2011 05:01 AM

thank you

nice Article

Migration User
Oct 05, 2011 01:46 AM

Voted this useful article.

 

Related Entries and Links

No Related Resource entered.