Hello,
In this case, you need to make sure you have ALL the policies are "locked".
Once this are locked, you would see the "Disable Symantec Endpoint Protection"
Check this Article: http://www.symantec.com/docs/TECH102822
Secondly, in your case, if the Client machines are Managed then these are taking the policies from the SEPM.
Check this Article:
Client cannot configure settings for Network Threat Protection after installing Symantec Endpoint Protection http://www.symantec.com/docs/TECH102667
Make sure you have proper user control set.
-
In Server Control, changes can be made to unlocked settings, but they are overwritten when the next policy is applied.
-
In Client Control, client-modified settings take precedence over server settings. They are not overwritten when the new policy is applied, unless the setting has been locked in the new policy.
Changing the user control level http://www.symantec.com/docs/HOWTO55475
Hope that helps!!