Endpoint Protection

  • 1.  Control SEP services

    Posted Nov 13, 2013 05:20 AM

    How to prevent local admin from stopping SEP 12.1 services?



  • 2.  RE: Control SEP services

    Broadcom Employee
    Posted Nov 13, 2013 05:24 AM

    Set the password in the policy.



  • 3.  RE: Control SEP services

    Posted Nov 13, 2013 05:27 AM

    Check articles

    How to block a user's ability to disable Symantec Endpoint Protection on Clients

     

    Article:TECH102822 | Created: 2007-01-05 | Updated: 2013-11-05 | Article URL http://www.symantec.com/docs/TECH102822

     

    Check mithun's comments

    https://www-secure.symantec.com/connect/forums/block-users-ability-disable-symantec-endpoint-protection-clients-0#comment-8995441



  • 4.  RE: Control SEP services

    Posted Nov 13, 2013 05:28 AM

    Here is one more way the user is able to disable the SEP service: through Services.msc.

    Check the steps below; they can help to disable the service change.

     

    Please do the following:

    1. Open the Symantec Endpoint Protection Manager.
    2. Click the Clients tab.
    3. For any group, on the right hand side, select the Policies tab.
    4. In the Location-independent Policies and Settings, click General Settings.
    5. On the General Settings screen, click the Tamper Protection tab.
    6. Verify the option labeled "Protect Symantec security software from being tampered with or shut down."

    If this is enabled, the option to stop the Symantec Management Client service (smcservice) from service control manager will be unavailable. If it is disabled, stopping smc from the service control manager is allowed.

    http://service1.symantec.com/SUPPORT/ent-security....
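
An added example, not part of the original post or any Symantec tooling: a PowerShell check a defender could run on a client to see the effect of the setting described above and to review recent stops of the service. It assumes the service short name is SmcService (as written in this thread), that the unavailable Stop option shows up as `CanStop = False`, and that event text is in English.

```powershell
# Added example. Assumption: service short name is SmcService (from this thread).
$ServiceName = 'SmcService'

function Get-SepServiceState {
    param([string]$Name)
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if (-not $svc) {
        # Service not present: report that instead of failing.
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME; Service = $Name; Installed = $false
            DisplayName = $null; Status = $null; CanStop = $null
        }
    }
    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        Service     = $Name
        Installed   = $true
        DisplayName = $svc.DisplayName
        Status      = $svc.Status
        CanStop     = $svc.CanStop   # True: the service currently accepts a stop request
    }
}

function Get-SepServiceStopEvents {
    param([string]$DisplayName, [int]$Days = 7)
    # Event ID 7036 from Service Control Manager records service state changes.
    # It does not record which account requested the change.
    $filter = @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7036
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like "*$DisplayName*stopped*" } |
        Select-Object TimeCreated, MachineName, Message
}

$state = Get-SepServiceState -Name $ServiceName
$state | Format-List
if ($state.Installed -and $state.CanStop) {
    Write-Warning "$ServiceName accepts stop requests; check the Tamper Protection policy."
}
if ($state.Installed -and $state.Status -ne 'Running') {
    Write-Warning "$ServiceName is not running on $($state.Computer)."
}
if ($state.Installed) {
    Get-SepServiceStopEvents -DisplayName $state.DisplayName | Format-Table -AutoSize -Wrap
}
```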



  • 5.  RE: Control SEP services

    Broadcom Employee
    Posted Nov 13, 2013 05:56 AM

    Hi,

    Thank you for posting in Symantec community.

    If you are talking about the SMC service, then you can set the password to stop the service.

    Refer to this article to prevent SEP features from being stopped.

    How to prevent SEP features from being disabled in the client GUI in SEP 12.1

    http://www.symantec.com/docs/TECH168990



  • 6.  RE: Control SEP services

    Posted Nov 14, 2013 07:12 AM

    Guys,

    I am talking about users with local admin rights. Tamper Protection won't stop local admins.

    Tamper protection is ENABLED

    Password for stopping the service is ENABLED



  • 7.  RE: Control SEP services

    Posted Nov 14, 2013 07:23 AM

    It's worth pointing out that stopping "Symantec Endpoint Protection" DOES NOT stop realtime virus protection, just the notifications from it.

     

    You should also bear in mind that if you have admin rights to a machine there are still ways you can get round service security.

     


  • 8.  RE: Control SEP services

    Broadcom Employee
    Posted Nov 14, 2013 08:55 AM

    Hi,

    Check this article: Does the current user have local administrator rights?

    http://www.symantec.com/docs/TECH91646

    Installing Symantec Endpoint Protection requires that you log on as a user with local administrator rights. The installer needs those rights in order to update the Windows Registry and to add the necessary files and folders.

     



  • 9.  RE: Control SEP services

    Broadcom Employee
    Posted Dec 11, 2013 08:07 AM

    Hi,

    Is there any update?

    OR

    If the issue has been resolved, don't forget to mark your thread as 'SOLVED' with the answer that best helps you.



  • 10.  RE: Control SEP services

    Posted Dec 11, 2013 10:07 AM

    Agree with Rafeeq. Local admin access is available on those IDs which are used for IT work; apart from that, it is available on the basis of approval, and they also aren't able to stop SmcService because Tamper Protection is enabled.