How to prevent SEP features from being disabled in the client GUI in SEP 12.1
Article: TECH168990 | Created: 2011-09-07 | Updated: 2012-06-27 | Article URL: http://www.symantec.com/docs/TECH168990
Problem
How to prevent users from disabling the Symantec Endpoint Protection (SEP) client features.
Environment
Symantec Endpoint Protection 12.1
Windows Server OS
Cause
The ability to disable SEP features is a selectable setting, and it is enabled by default so that users can select it.
Solution
1) The option to disable all Virus and Spyware Protection features is available (enabled) by default.
To disable access to the Virus and Spyware Protection feature on a SEP client:
Log on to the SEPM --> Policies --> Virus and Spyware Protection --> Virus and Spyware Protection – Balanced --> Protection Technology --> Auto-Protect --> Check mark / lock Enable Auto-Protect
Confirm on the client, as seen below, that the option "Disable all Virus and Spyware Protection features" is grayed out.
2) The option to disable Proactive Threat Protection is also enabled by default.
Log on to the SEPM --> Policies --> Virus and Spyware Protection policy – Balanced --> Protection Technology --> SONAR --> Lock Enable SONAR
Confirm on the client, as seen below, that the item "Disable all Proactive Threat Protection features" is grayed out.
3) Disable Network Threat Protection access on the SEP client.
Go to the Specific client group > Policies > Location specific setting > Client user interface settings > Edit settings > Uncheck Allow user to enable and disable firewall
Check on the client, as seen below, that the option "Disable all Network Threat Protection features" is grayed out.
4) The "Disable Symantec Endpoint Protection" option is also enabled by default.
   1) In the SEPM, under the Virus and Spyware Protection policy, lock all the items that are unlocked
      or
      select the Virus and Spyware Protection policy – High Security, which locks all the items as a policy default.
   2) Go to Specific group > Policies > Location-specific Settings > Client User Interface Control Settings > Tasks > Edit settings > Server Control > Customize > Uncheck the following two options:
      i) Allow user to enable and disable the firewall
      ii) Allow user to enable and disable application and device control policy
   3) Also make the following changes in the Policies tab of the SEPM:
      1. Click Intrusion Prevention Protection policy.
      2. Click Setting, then lock this feature by clicking the lock symbol next to Enable Network Intrusion Prevention and Enable Browser Intrusion Prevention.
      3. Click OK.
Check on the client, as seen below, that the option "Disable Symantec Endpoint Protection" is grayed out.