smc -stop does not disable AV but it does stop communication to the SEPM which is why your status shows as disabled.
Stopping SMC disables the following features:
- Client-Server communications
- Automatic content updates
- Client notifications
- The Network Threat Protection (NTP) Firewall
- The Client Intrusion Detection System (CIDS)
- Application Control
- Device Control
- Host Integrity
With SMC stopped, your computer will still be protected by Auto-Protect, Proactive Threat Protection (PTP), Download Insight, and email Auto-Protect. These features will still generate log entries for new events, but no client notifications will be generated for detections while SMC is stopped.
What functions of the Symantec Endpoint Protection client are disabled by the smc -stop command?