Go to the Specific client group --> Policies --> Location specific setting --> Client user interface settings --> Edit settings --> Uncheck Allow user to enable and disable firewall
Check on client, as you can see tab is grayed out.
4) Disable Symantec Endpoint Protection feature is also enabled by default.
1) In SEPM, under Virus and Protection policy lock all the items which are unlocked
or
Select Virus and Protection policy- High security, it will lock all the items as a policy default.
2) Go to Specific group --> Policies --> Location-specific Settings --> Client User Interface Control Settings --> Tasks --> Edit settings --> Server Control --> Customize --> Uncheck the following two options
i) Allow user to enable and disable the firewall
ii) Allow user to enable and disable application and device control policy.
3) You also need to perform the following In the Policies tab of the SEPM:
1. Click Intrusion Prevention Protection policy.
2 .Click Setting, then lock this feature by clicking the lock symbol next to Enable Network Intrusion Prevention and Enable Browser Intrusion Prevention.
3. Click OK.
Check on client, as you can see tab is grayed out.