How to remove or re-add the Symantec Network Access Control (SNAC) module from both Symantec Endpoint Protection (SEP) Manager and client

Article:HOWTO44392  |  Created: 2011-03-13  |  Updated: 2015-03-03  |  Article URL
Article Type
How To

To remove Symantec Network Access Control (SNAC) from Symantec Endpoint Protection (SEP)

  1. Within your Symantec Endpoint Protection Manager (SEPM), ensure that you have withdrawn all Host Integrity policies from all clients/groups before you continue on. This may be skipped if you are running SEPM 12.1.5 and plan to keep using Host Integrity.
  2. Access the Clients page of the SEPM console, select a client group (e.g. My Company) and then click the Policies tab for this group. Select the General Settings link, then go to the Security Settings tab and uncheck the option here to Enable SNAC. This step is necessary in order for SNAC to show as removed on the managed SEP clients.
  3. Log out of your SEPM
  4. Open Windows Service Manager via Start > Run, and then enter services.msc.
  5. Stop the following services:
    • Symantec Endpoint Protection Manager 
    • Symantec Endpoint Protection Manager Webserver
  6. Navigate to the license folder. The default location:
    • For 32-bit: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\license
    • For 64-bit: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\license
  7. Move or delete SNAC.xml.
  8. Restart the SEPM services.
  9. Log on to your SEPM to confirm that Host Integrity does not show under Policies.

    Note: As of 12.1 RU5 (12.1.5337.5000), it is expected that Host Integrity will continue to be listed in the Policies section of the SEPM console; however, please verify that the Host Integrity policy Requirements to verify the Gateway or DHCP Enforcer options are no longer present.  
  10. From the SEPM console go to Admin > Licenses and delete your SNAC license(s).
  11. On a Symantec Endpoint Protection (SEP) client computer, right-click the SEP shield icon in the system notification area, and click Update Policy.
  12. After the policy updates (the serdef.dat file was updated on the SEP client), reboot the client computer.

After the reboot, the SNAC module will no longer display in the SEP client user interface (UI). If Host Integrity policies were withdrawn then the Host Integrity Scan will no longer be an option.

Note: The SEPM will still show Symantec Network Access Control in the Licensing Status report. This cannot be removed without an uninstall and reinstall of the SEPM.

To restore SNAC to your SEP environment repeat the above steps to stop the SEPM services, but copy the SNAC.xml back into the license folder instead of deleting. You will then need to reapply your SNAC license in the SEPM, assign Host Integrity policies and re-enable SNAC enforcement.

Article URL

Terms of use for this information are found in Legal Notices