Hi,

By deafult all the SEP features are accessible to end user.

Let's see one by one.

1) Disable all Virus and Spyware protection features is enable by default.

To disable Virus and Spyware protection feature access on SEP client

Go to SEPM --> Policies ---> Virus & Protection policy – Balanced --> Protection Technology-->Auto-protect --> Lock Enable auto-protect

2) Disable Proactive Threat Protection is also enable by default 

Go to SEPM -->Policies --> Virus & Protection policy – Balanced -->Protection Technology-->SONAR  -->Lock SONAR

Confirm on client, as you can see tab is grayed out.

3) Disable Network Threat Protection access on SEP client.

Go to Specific group --> Policies --> Location specific setting --> Client user interface settings --> Edit settings -->  Uncheck allow user to enable and disable firewall

Check on client, as you can see tab is grayed out.

4) Disable Symantec Endpoint Protection feature is also enable by default. 

1) In SEPM, under Virus and Protection policy lock all the items which are unlock

or

Select Virus and Protection policy- High security, it will lock all the items as a policy.

2) Go to Specific group --> Policies --> Location specific setting --> Client user interface settings --> Edit settings --> Uncheck the following two options

i) Allow user to enable and disable firewall

ii) Allow user to enable and disable application and device control policy.

3)  You also need to perform the following In the Policies tab of the SEPM:

1. Click  Intrusion Prevention Protection policy.

2 .Click Setting, then lock this feature by clicking the lock symbol next to Enable Network Intrusion Prevention and Enable Browser Intrusion Prevention.

3. Click OK

Check on client, as you can see tab is grayed out.