Endpoint Protection

 View Only
  • 1.  Disable Protection From Endpoint Protection Manager

    Posted Jan 23, 2012 09:46 PM

    I've got an interesting use case for Endpoing Protection Manager ...

    I need to disable all protection (ideally through applying a set of disabled policies) and remove the ability for users to re-enable protection (via the "fix this" in the user interface notification screen).

    Backstory: We are an managed service provider offering standalone managed anti-virus when full blown managed services is not an option with the client. In the event the client goes on credit hold I need to be able to disable protection until the account is current. I do however want the install to bark at the client that they are unprotected.

    Anyone know if this is possible with SEP Enterpriese?  If not possible does anyone know if it's possible with endpoint protection.cloud?

     

    Thanks!



  • 2.  RE: Disable Protection From Endpoint Protection Manager

    Posted Jan 23, 2012 11:34 PM

     

    Go to the Specific client group --> Policies --> Location specific setting --> Client user interface settings --> Edit settings -->  Uncheck Allow user to enable and disable firewall

    Check on client, as you can see tab is grayed out.

    4) Disable Symantec Endpoint Protection feature is also enabled by default. 

     

    1) In SEPM, under Virus and Protection policy lock all the items which are unlocked

    or

    Select Virus and Protection policy- High security, it will lock all the items as a policy default.

    2) Go to Specific group --> Policies --> Location-specific Settings --> Client User Interface Control Settings --> Tasks --> Edit settings --> Server Control --> Customize --> Uncheck the following two options

    i) Allow user to enable and disable the firewall

    ii) Allow user to enable and disable application and device control policy.

    3) You also need to perform the following In the Policies tab of the SEPM:

    1Click  Intrusion Prevention Protection policy.

    2 .Click Setting, then lock this feature by clicking the lock symbol next to Enable Network Intrusion Prevention and Enable Browser Intrusion Prevention.

    3Click OK.

    Check on client, as you can see tab is grayed out.

     



  • 3.  RE: Disable Protection From Endpoint Protection Manager

    Posted Jan 24, 2012 12:27 AM

    Hi Jonas,

     

    Basically if you do not want the FIX button to available for your SEP client then you should disable those features from SEPM only.

    please go through the following example for more details:

    How to disable the "Fix" button notification after turning off email scanning in Symantec Endpoint Protection. :

    http://www.symantec.com/docs/TECH102291

     

    Hope this helps you!!



  • 4.  RE: Disable Protection From Endpoint Protection Manager

    Posted Jan 24, 2012 12:35 AM

    So If you will disable all the feature for that perticular client then it will show warning also and they won't be having FIX button available.



  • 5.  RE: Disable Protection From Endpoint Protection Manager

    Broadcom Employee
    Posted Jan 24, 2012 04:27 AM

    Hi,

    It's possible through SEPM.

    Check following article

    https://www-secure.symantec.com/connect/articles/how-disable-sep-features-client-gui-sep-121

    Public Kb also available for same.

    http://www.symantec.com/docs/TECH168990

    I hope it will help you !!!



  • 6.  RE: Disable Protection From Endpoint Protection Manager

    Posted Jan 24, 2012 05:35 AM

    Thumbs up for

     

    Public Kb also available for same.

    http://www.symantec.com/docs/TECH168990