Endpoint Protection

  • 1.  Block users from disabling SEP 12.1 client

    Posted Feb 05, 2013 08:36 AM

    Hi,

    We're looking for a solution to allow only admins with the password to disable the SEP client.
    I have followed the guide to disabling this function, but the result is not what I'm looking for.

     

    How to prevent SEP features from being disabled in the client GUI in SEP 12.1

     

    Allow Administrators to Disable SEP 12.1 on all Clients

     

    The SEP GUI is password blocked, this prevents users from accessing the console.
    I have also set the password to stop the client, however the password is never prompted when disabling from the tray.

    After following these guides, it is no longer possible to disable the client from the tray (it's grayed out).
    But it is also not possible to disable specific functions from within the GUI.
    When an admin logs on to the GUI I want them to have full control over all settings.

    How do I force the password prompt when disabling the client (from the tray), without blocking all settings in the GUI (which the user can't access anyway...)?

     

    Thank you,
    Domien 



  • 2.  RE: Block users from disabling SEP 12.1 client

    Posted Feb 05, 2013 10:15 AM

    Have you seen this?

    How to block a user's ability to disable Symantec Endpoint Protection on Clients

    Article:TECH102822  |  Created: 2007-01-05  |  Updated: 2012-07-02  |  Article URL http://www.symantec.com/docs/TECH102822

     



  • 3.  RE: Block users from disabling SEP 12.1 client
    Best Answer

    Broadcom Employee
    Posted Feb 05, 2013 01:30 PM

    Hi Domien,

    Q. How do I force the password prompt when disabling the client (from the tray), without blocking all settings in the GUI (which the user can't access anyway...)

    --> I believe it's not possible or it's not designed that way.

    However, you can raise an idea or put in a product enhancement request.



  • 4.  RE: Block users from disabling SEP 12.1 client

    Posted Feb 06, 2013 12:25 AM

     

    Hi Grandeco,
     
    The option to require a password to stop the client service refers to the 
    Symantec Management Client service (smc.exe) and applies to the user attempting 
    to stop the service by running the command line "smc -stop".
     
    It does not apply to stopping services in the Services Control Manager,
    including Symantec Endpoint Protection. (Although you are
    prevented by Tamper Protection from stopping smc because it greys out the
    options.) It also does not apply to disabling protection by right-clicking the
    shield icon.
     
    To disable SEP from system tray you would need to use the article Brian has suggested.
    http://www.symantec.com/business/support/index?page=content&id=TECH102822
     
    After following the above article, I found that "The Disable Endpoint Protection" won't be grayed out if the user is logged in as an Administrator or a Local Admin.
     
    - MASH


  • 5.  RE: Block users from disabling SEP 12.1 client

    Posted Feb 06, 2013 12:52 AM

     

    There is one more way the user is able to disable the SEP service: through Services.msc.

    Check the steps below; they can help to disable the service change.

     

    Please do the following:

    1. Open the Symantec Endpoint Protection Manager.
    2. Click the Clients tab.
    3. For any group, on the right hand side, select the Policies tab.
    4. In the Location-independent Policies and Settings, click General Settings.
    5. On the General Settings screen, click the Tamper Protection tab.
    6. Verify the option labeled "Protect Symantec security software from being tampered with or shut down."

    If this is enabled, the option to stop the Symantec Management Client service (smcservice) from service control manager will be unavailable. If it is disabled, stopping smc from the service control manager is allowed.

    http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/c291bf8d5d97b5f68025736200576f9d



  • 6.  RE: Block users from disabling SEP 12.1 client

    Posted Feb 06, 2013 01:31 AM

    You can install the clients in user mode instead of computer mode.

    Set a password for normal clients.

    No password for admins.

     

    Understanding computer and user mode in Symantec Endpoint Protection 11.0

     

    http://www.symantec.com/business/support/index?page=content&id=TECH102686



  • 7.  RE: Block users from disabling SEP 12.1 client

    Posted Feb 06, 2013 05:37 AM

    Hi,

    The issue is disabling the SEP client from within the user's session, so logging out and logging back in as an administrator isn't what we're looking for.

    The general idea is, users can't access the GUI nor disable the client.
    The admin arrives, can go into the console and change any setting he wants, or disable the client in general. Both by using the password not known to the users.

    For the moment I'll leave this as it is; I have filed the product feedback / feature request.
     

    Thank you all for your support!

    Kind regards,
    Domien