About enabling and disabling protection
In general, you always want to keep the protection technologies enabled on the client computer.
You might need to temporarily disable either all the protection technologies or individual protection technologies if you have a problem with the client computer. For example, if an application does not run or does not run correctly, you might want to disable Network Threat Protection. If you still have the problem after you disable all protection technologies, you know that the problem is not the client.
Be sure to enable any of the protections when you have completed your troubleshooting task to ensure that the computer remains protected.
Table: Purpose for disabling a protection technology describes the reasons why you might want to disable each protection technology.
Table: Purpose for disabling a protection technology
Purpose for disabling the protection technology
Virus and Spyware Protection
If you disable this protection, you disable Auto-Protect only.
The scheduled or startup scans still run if you or the user has configured them to do so.
You might enable or disable Auto-Protect for the following reasons:
Auto-Protect might block you from opening a document. For example, if you open a Microsoft Word that has a macro, Auto-Protect may not allow you to open it. If you know the document is safe, you can disable Auto-Protect.
Auto-Protect may warn you about a virus-like activity that you know is not the work of a virus. For example, you might get a warning when you install new computer applications. If you plan to install more applications and you want to avoid the warning, you can temporarily disable Auto-Protect.
Auto-Protect may interfere with Windows driver replacement.
Auto-Protect might slow down the client computer.
If you disable Auto-Protect, you also disable Download Insight, even if Download Insight is enabled. SONAR also cannot detect heuristic threats. SONAR detection of host file and system changes continues to function.
See Running commands on the client computer from the console.
If Auto-Protect causes a problem with an application, it is better to create an exception than to permanently disable the protection.
See Creating exceptions for Symantec Endpoint Protection.
Proactive Threat Protection
You might want to disable Proactive Threat Protection for the following reasons:
See Adjusting SONAR settings on your client computers.
Network Threat Protection
You might want to disable Network Threat Protection for the following reasons:
You install an application that might cause the firewall to block it.
The firewall or the intrusion prevention system causes network connectivity-related issues.
The firewall might slow down the client computer.
You cannot open an application.
See Enabling or disabling network intrusion prevention or browser intrusion prevention.
If you are not sure that Network Threat Protection causes the problem, you might need to disable all the protection technologies.
You can configure Network Threat Protection so that users cannot enable or disable it. You can also set the following limits for when and how long the protection is disabled:
Whether the client allows either all traffic or all outbound traffic only.
The length of time the protection is disabled.
How many times you can disable protection before you restart the client.
See Configuring user interface settings.
Typically you should keep Tamper Protection enabled.
You might want to disable Tamper Protection temporarily if you get many false positive detections. You can create exceptions for false positive detections.
See Changing Tamper Protection settings.