About enabling and disabling protection when you need to troubleshoot problems
In general, you always want to keep the protection technologies enabled on a client computer.
You might need to temporarily disable either all the protection technologies or individual protection technologies if you have a problem with the client computer. For example, if an application does not run or does not run correctly, you might want to disable Network Threat Protection. If you still have the problem after you disable all protection technologies, completely uninstall the client. If the problem persists, you know that the problem is not due to Symantec Endpoint Protection.
Be sure to enable again any of the protections when you have completed your troubleshooting task to ensure that the computer remains protected.
Table: Purpose for disabling a protection technology describes the reasons why you might want to disable each protection technology.
Table: Purpose for disabling a protection technology
Purpose for disabling the protection technology
Virus and Spyware Protection
If you disable this protection, you disable Auto-Protect only.
If you disable Auto-Protect, you also disable Download Insight, even if Download Insight is enabled. SONAR also cannot detect heuristic threats. SONAR detection of host file and system changes continues to function.
The scheduled or startup scans still run if you or the user has configured them to do so.
You might enable or disable Auto-Protect for the following reasons:
Auto-Protect might block you from opening a document. For example, if you open a Microsoft Word that has a macro, Auto-Protect may not let you open it. If you know the document is safe, you can disable Auto-Protect.
Auto-Protect may warn you about a virus-like activity that you know is not the work of a virus. For example, you might get a warning when you install new computer applications. If you plan to install more applications and you want to avoid the warning, you can temporarily disable Auto-Protect.
Auto-Protect may interfere with Windows driver replacement.
Auto-Protect might slow down the client computer.
See Running commands on the client computer from the console.
If Auto-Protect causes a problem with an application, it is better to create an exception than to permanently disable the protection.
See Creating exceptions for Virus and Spyware scans.
Proactive Threat Protection
You might want to disable Proactive Threat Protection for the following reasons:
See Adjusting SONAR settings on your client computers.
Network Threat Protection
You might want to disable Network Threat Protection for the following reasons:
You install an application that might cause the firewall to block it.
The firewall or the Intrusion Prevention System causes network connectivity-related issues.
The firewall might slow down the client computer.
You cannot open an application.
If you are not sure that Network Threat Protection causes the problem, you might need to disable all the protection technologies.
You can configure Network Threat Protection so that users cannot enable or disable it. You can also set the following limits for when and how long the protection is disabled:
Whether the client allows either all traffic or all outbound traffic only.
The length of time the protection is disabled.
How many times you can disable protection before you restart the client.
See Enabling or disabling network intrusion prevention or browser intrusion prevention.
See Unlocking user interface settings on the client.
Typically, you should keep Tamper Protection enabled.
You might want to disable Tamper Protection temporarily if you get an extensive number of false positive detections. For example, some third-party applications might make the changes that inadvertently try to modify Symantec settings or processes. If you are sure that an application is safe, you can create a Tamper Protection exception for the application.
See Changing Tamper Protection settings.