Updated on 12th June'13
Hi,
By deafult all the SEP features are accessible to end user.
Let's see one by one.
1) Disable all Virus and Spyware protection features is enable by default.
To disable Virus and Spyware protection feature access on SEP client
Go to SEPM --> Policies ---> Virus & Protection policy – Balanced --> Protection Technology-->Auto-protect --> Lock Enable auto-protect
Confirm on Client, as you can see tab is grayed out.
2) Disable Proactive Threat Protection is also enable by default
Go to SEPM -->Policies --> Virus & Protection policy – Balanced -->Protection Technology-->SONAR -->Lock SONAR
Confirm on client, as you can see tab is grayed out.
3) Disable Network Threat Protection access on SEP client.
Go to Specific group --> Policies --> Location specific setting --> Client user interface settings --> Edit settings --> Uncheck allow user to enable and disable firewall
Check on client, as you can see tab is grayed out.
4) Disable Symantec Endpoint Protection feature is also enable by default.
1) In SEPM, under Virus and Protection policy lock all the items which are unlock
or
Select Virus and Protection policy- High security, it will lock all the items as a policy.
2) Go to Specific group --> Policies --> Location specific setting --> Client user interface settings --> Edit settings --> Uncheck the following two options
i) Allow user to enable and disable firewall
ii) Allow user to enable and disable application and device control policy.
3) You also need to perform the following In the Policies tab of the SEPM:
1. Click Intrusion Prevention Protection policy.
2 .Click Setting, then lock this feature by clicking the lock symbol next to Enable Network Intrusion Prevention and Enable Browser Intrusion Prevention.
3. Click OK
Check on client, as you can see tab is grayed out.
For Small Business Edition check this artilce:
How to block a user's ability to disable Symantec Endpoint Protection Small Business Edition on Clients
http://www.symantec.com/docs/TECH172434