here is one more way the user able to disable the sep service through Services.msc.
Check the below step it can help to disable the service change
Please do the following:
- Open the Symantec Endpoint Protection Manager.
- Click the Clients tab.
- For any group, on the right hand side, select the Policies tab.
- In the Location-independent Policies and Settings, click General Settings.
- On the General Settings screen, click the Tamper Protection tab.
- Verify the option labeled "Protect Symantec security software from being tampered with or shut down."
If this is enabled, the option to stop the Symantec Management Client service (smcservice) from service control manager will be unavailable. If it is disabled, stopping smc from the service control manager is allowed.
http://service1.symantec.com/SUPPORT/ent-security....