Endpoint Protection

  • 1.  clarification on the SEPM report

    Posted Aug 29, 2016 07:50 AM

    Hi,

    I have taken the SEPM report (Monitor and Computer Status log) and am checking the same. In that there are two columns, i.e. Status and Auto-Protect On.

    In the Status it is showing as "Disabled" and Auto-Protect On "Enabled".

    What is the meaning of this?



  • 2.  RE: clarification on the SEPM report

    Posted Aug 29, 2016 07:51 AM

    Please find the screenshot.



  • 3.  RE: clarification on the SEPM report

    Posted Aug 29, 2016 07:53 AM

    Is the client online and connected to the SEPM? Does it have the green dot on the SEP icon? This usually means it is offline. Please verify.



  • 4.  RE: clarification on the SEPM report

    Posted Aug 29, 2016 07:56 AM

    We have disabled the SEP client for testing (using Run -- smc -stop). As per the report, AV is enabled or disabled?



  • 5.  RE: clarification on the SEPM report

    Posted Aug 29, 2016 08:07 AM

    smc -stop does not disable AV but it does stop communication to the SEPM which is why your status shows as disabled.

    Stopping SMC disables the following features:

    • Client-Server communications
    • Automatic content updates
    • Client notifications
    • The Network Threat Protection (NTP) Firewall
    • The Client Intrusion Detection System (CIDS)
    • Application Control
    • Device Control
    • Host Integrity

    With SMC stopped, your computer will still be protected by Auto-Protect, Proactive Threat Protection (PTP), Download Insight, and email Auto-Protect.  These features will still generate log entries for new events, but no client notifications will be generated for detections while SMC is stopped.

    What functions of the Symantec Endpoint Protection client are disabled by the smc -stop command?



  • 6.  RE: clarification on the SEPM report

    Posted Aug 29, 2016 09:01 AM

    In this case, we have to stop AV by using services.msc and stop the "Symantec Endpoint Protection" service. Is this correct?



  • 7.  RE: clarification on the SEPM report

    Posted Aug 29, 2016 09:07 AM

    It will be greyed out and you won't be able to stop it.

    You need to allow Auto-Protect to be disabled from within the policy by opening the lock icon.

    I would suggest creating a custom group for this and moving machines into it only when needing to do this.