Video Screencast Help

Can a local admin stop SEP as batch file?

Created: 12 Mar 2014 • Updated: 12 Mar 2014 | 13 comments
This issue has been solved. See solution.

We're on Symantec Endpoint Protection version 12.1.3001.165 and a user with local admin rights is trying to stop Symantec services while installing applications, then restart services. He was able to do this on SEP v12.1.1101.401 with a "smc -stop" command, but on the new version the command is refused. Are local admins not allowed to stop Symantec services with this new version? ...are we running the wrong command? ...can this no longer be controlled by a batch file?

Thank you!

Operating Systems:

Comments 13 CommentsJump to latest comment

tpmobley's picture

Sorry that was a typo "smc -stop" was what the user was trying and didn't work.

Rafeeq's picture

whats the error you get, on any version u should be able to stop by 

smc -stop

 

tpmobley's picture

According to the user, there's no error message. "smc -stop" just returns silently (ERRORLEVEL=0) and command action doesn't occur.

Rafeeq's picture

smc -stop 

will make the yellow sheild on the task bar disapper.

from the services.msc, check if symantec management service has option to start, stop 

if not then its tamper protection which is not allowing it

SMLatCST's picture

Yeah, so the command used remains the same (as everyone above has attested).

I'd personally start by checking that, since the upgrade, you've not changed the Tamper Protection settings for the group in which this machine resides, as this is likely what's preventing him/her from stopping the SEP services via smc -stop.

#EDIT#

Just to clarify, you'll want to either disable Tamper Protection altogether, Allow users to be able to disable Tamper Protection (by changing the padlock icon beside it to unlocked), or switch the Tamper Protection action to "Log Only".

SOLUTION
tpmobley's picture

That did it, thanks! (We tried "Job Only" and it failed, then unchecked Tamper Protection and worked just fine.)

SMLatCST's picture

Yeah, I noticed that recently with RU3 too.

I'd suggest upgrading as the 12.1RU4 client correctly allows me to perform a successful "smc -stop" while Tamper Protection is set to "Log Only" (as it really should).

James007's picture

Try this if you are using batch file

"%programfiles%\Symantec\Symantec Endpoint Protection\smc.exe" -p [Password] -stop

https://www-secure.symantec.com/connect/forums/stop-sep-remotely

tpmobley's picture

Good suggestion, but the password can't be distributed for security reasons. Thanks though.

Rafeeq's picture

AFAIK, this was not working when local admin logs in, 

smc -stop , smc - start always works

http://www.symantec.com/business/support/index?pag...