Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

block user's ability to disable Symantec Endpoint Protection on Clients

Created: 17 Jul 2013 • Updated: 17 Jul 2013 | 5 comments
This issue has been solved. See solution.

hi guyz 

i am using SEPM12.1.3 andi want to block the user ability to disable sep clint . in this regard i have research alot and  found myny usefull articales like the one bellow 

http://www.symantec.com/business/support/index?page=content&id=TECH102822&locale=en_US

http://www.symantec.com/business/support/index?page=content&id=TECH168990

https://www-secure.symantec.com/connect/articles/how-disable-sep-features-client-gui-sep-121#comment-8994981

by following these links i have been able to block the "disable virus and spyware  protection features" and "Disable proactive threat protection features" but i am not able to block "desable all network threat protection features." so due to the i am not able to block " Disable symantec endpoint protection".

for refrence i am attaching a file that show that i have unck these option for NTP but still its not working. need hel guyz.

Operating Systems:

Comments 5 CommentsJump to latest comment

Mithun Sanghavi's picture

Hello,

In this case, you need to make sure you have ALL the policies are "locked".

Once this are locked, you would see the "Disable Symantec Endpoint Protection" 

Disable policy_1.JPG

Check this Article: http://www.symantec.com/docs/TECH102822

Secondly, in your case, if the Client machines are Managed then these are taking the policies from the SEPM.

Check this Article:

Client cannot configure settings for Network Threat Protection after installing Symantec Endpoint Protection http://www.symantec.com/docs/TECH102667

Make sure you have proper user control set.
  • In Server Control, changes can be made to unlocked settings, but they are overwritten when the next policy is applied.

  • In Client Control, client-modified settings take precedence over server settings. They are not overwritten when the new policy is applied, unless the setting has been locked in the new policy.

Changing the user control level http://www.symantec.com/docs/HOWTO55475

sep-ntp-clilent.jpg

 

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SOLUTION
Mithun Sanghavi's picture

Hello,

Remove the right to disable Threat detection:

  1. Open the Symantec Endpoint Protection Manager.
  2. Click Clients.
  3. Select the group that contains the clients you want to be affected.
  4. Click Policies.
  5. Expand Location-specific Policies
  6. Click Antivirus and Antispyware policy.
  7. Click File System Auto-Protect, then lock this feature by clicking the lock symbol next to Enable File System Auto-Protect.
  8. Click Internet Email Auto-Protect, then lock this feature by clicking the lock symbol next toEnable Internet Email Auto-Protect.
  9. Click Microsoft Outlook Auto-Protect, then lock this feature by clicking the lock symbol next toEnable Microsoft Outlook Auto-Protect.
  10. Click Lotus Notes Auto-Protect, then lock this feature by clicking the lock symbol next toEnable Lotus Notes Auto-Protect.
  11. Click TruScan Proactive Threat Scans, then lock this feature by clicking the lock symbol next to Scan for trojans and worms and Scan for keyloggers.
  12. Click OK.

For Symantec Endpoint Protection 12.1 or for SEP 11 clients managed by SEPM running 12.1 versions, additional policies must be locked. 

  1. In the Virus & Spyware Protection policy, click Sonar, then lock this feature by clicking the lock symbol next to Enable Sonar.  
  2. In the Instrusion Prevention policy, click Settings, then lock both lock symbols next to Enable Network Intrusion Prevention and Enable Browser Intrusion Prevention.  

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.