Endpoint Protection

Hello,

I am running on SEP 12.1 and need the solutions for temporary enable user's ability to disable Symantec Endpoint Protection on Clients for trobleshooting purpose. The user will have ability to disable SEP but the SEP will automatically re-enable itself back in a specific time.

Thank you for helping.

Wisaroot.

Hello,

In your case, you want to "Enable user's ability to disable Symantec Endpoint Protection on Clients for trobleshooting purpose (temporarily)."

Go to the Specific client group --> Policies --> Location specific setting --> Client user interface settings --> Edit settings -->  check Allow user to enable and disable firewall

Check on client, as you can see tab is Enabled.

Here are few Articles which may assist you to do the opposite of what you want -

How to prevent SEP features from being disabled in the client GUI in SEP 12.1

http://www.symantec.com/docs/TECH168990

How to block a user's ability to disable Symantec Endpoint Protection on Clients

hi Check this url.

https://www-secure.symantec.com/connect/articles/how-disable-sep-features-client-gui-sep-121

http://www.symantec.com/business/support/index?page=content&id=TECH168990

Check this forums.

https://www-secure.symantec.com/connect/forums/how-disable-disable-symantec-endpoint-protection

Please do the folllowing:

Solution

To prevent users from disabling Symantec Endpoint Protection (SEP) on their client:

Step 1: Remove the right to disable Network Threat Protection:

1. Open the Symantec Endpoint Protection Manager.
2. Click Clients.
3. Select the group that contains the clients you want to be affected.
4. Click Policies.
5. Expand Location-specific Settings.
6. Click Tasks to the right of "Client User Interface Control Settings", then click Edit Settings.
7. Select Server control or Mixed control if it is not already set to one of these.
8. Click Customize.
   • If Server control is enabled this will open the Client User Interface Settings dialog.
   • If Mixed control is enabled this will open the Client User Interface Mixed Control Settings dialog.
     
      
9. Uncheck Allow users to enable and disable Network Threat Protection.
10. Click OK> OK.

Step 2: Remove the right to disable Threat detection:

1. Open the Symantec Endpoint Protection Manager.
2. Click Clients.
3. Select the group that contains the clients you want to be affected.
4. Click Policies.
5. Expand Location-specific Policies
6. Click Antivirus and Antispyware policy.
7. Click File System Auto-Protect, then lock this feature by clicking the lock symbol next to Enable File System Auto-Protect.
8. Click Internet Email Auto-Protect, then lock this feature by clicking the lock symbol next to Enable Internet Email Auto-Protect.
9. Click Microsoft Outlook Auto-Protect, then lock this feature by clicking the lock symbol next to Enable Microsoft Outlook Auto-Protect.
10. Click Lotus Notes Auto-Protect, then lock this feature by clicking the lock symbol next to Enable Lotus Notes Auto-Protect.
11. Click TruScan Proactive Threat Scans, then lock this feature by clicking the lock symbol next to Scan for trojans and worms and Scan for keyloggers.
12. Click OK.

For Symantec Endpoint Protection 12.1, additional policies must be locked. 

1. In the Virus & Spyware Protection policy, click Sonar, then lock this feature by clicking the lock symbol next to Enable Sonar.  
2. In the Instrusion Prevention policy, click Settings, then lock both lock symbols next to Enable Network Intrusion Prevention and Enable Browser Intrusion Prevention.  

Step 3: Clients update policy:
Clients will receive the policy according to their Communication Settings (they will be prompted to check in within a few seconds if in Push Mode; they will check in on their next scheduled heartbeat in Pull Mode).

You can prompt the heartbeat on the client:

1. Right-click the Symantec Endpoint Protection system tray icon.
2. Click Update Policy. The client will request the new policy from the manager

Once the policy has been updated the user will not be able to disable the Antivirus/Antispyware or the Network Threat Protection features. 

Regards

Thank you that helps.
 

Hi,

This solutions just works for only Network Threat Protection. After I clicked "Disable Symantec Endpoint Protection" on the SEP icon on the taskbar. Then only Network Threat Protection will automatic re-enable after the specific time but another one is not. (Download Insight, Internet Email Auto-Protect, Outlook Aut-Protect and Proactive Threat Protection are still disable)

Do you have the solution for re-enable every modules ?

Thank you so much.

Hello,

In that case, you have to provide the User Control Policies to the SEP clients from Server Mode to Client Mode OR Mixed Mode from the SEPM.

Check this Article:

Changing the user control level

http://www.symantec.com/docs/HOWTO55475

The meaning of the different modes is as follows:

Server Mode Server is in complete control of the client and the user can only modify what the administrator specifically allows

Client Mode Client is in complete control of the client and the user can only modify whatever they wish

Mixed Mode A combination of control that can be customized to allow the client(user) the ability to only control what the administrator allows.

To maintain some control of the client and also control the options the user can change, use "Mixed Mode".
Any settings that you do NOT want a user to change should be "locked" in the specific policies you create to prevent changes.
Mixed Mode can be customized to shift a specific number of configurations from the server to the client.

Note:
In "Client Mode" every action is logged. On a managed client the sheer number of these logs from hundreds of clients will cause the Symantec Endpoint Protection Manager to overwrite its logs when left at the default log retention settings.. To stop the excessive logging switch to "Mixed Mode".

Hope that helps!!