Endpoint Protection

 View Only

  • 1.  Controlling Symantec Endpoint Protection Services

    Posted Jun 06, 2013 11:49 AM

    I am running SEP 12.1.2015 in an Exchange 2010 SP2 server along with Symantec Mail Security for Microsoft Exchange, and I have been unable to disable the SMC and SEP services.  I can stop them using smc -stop, but I am looking for the ability to disable the antivirus completely for maintenance and software installs.  Even with all services stopped, they still can not be disabled.  We are preparing to upgrade to Exchange SP3, which essentially removes and replaces the Exchange install files and involves multiple reboots, and Microsoft recommends that Anti Virus programs be disabled during this process.  Tamper Protection has been disabled from the SEPM, and the server policy re-applied, but nothing seems to help.  Any suggestions?



  • 2.  RE: Controlling Symantec Endpoint Protection Services

    Posted Jun 06, 2013 11:50 AM

    You can uncheck the lock in the AV policy, which will allow you to stop Auto-Protect

    You can check review these KBAs which show you how to block disabling but you can do the opposite

    How do you lock down SEP client interface so that end users cannot disable components or modify settings.

    Article:TECH136678  |  Created: 2010-01-26  |  Updated: 2011-03-10  |  Article URL http://www.symantec.com/docs/TECH136678

     

    How to block a user's ability to disable Symantec Endpoint Protection on Clients

    Article:TECH102822  |  Created: 2007-01-05  |  Updated: 2013-03-19  |  Article URL http://www.symantec.com/docs/TECH102822

     

     



  • 3.  RE: Controlling Symantec Endpoint Protection Services

    Posted Jun 06, 2013 12:06 PM

    Thanks for the quick reply, but all of the locks in the AV policy for this group are "open" already.  This is one of several Exchange servers, and there are very few people who can actually log in to this server, so we are not worried about a user bypassing SEP, so just about the only restriction on this client is Live Update.

    I failed to mention, this was an upgrade from SEP 11.0.6, using the new "Basic Protection for Servers" installer package, if any of that makes a difference.

    I can disable the protection by right clicking the shield icon in the systray, but the client is re-enabled after a reboot.  I need to set the services withni "services.msc" to disabled.



  • 4.  RE: Controlling Symantec Endpoint Protection Services
    Best Answer

    Posted Jun 06, 2013 12:07 PM

    smc -stop will stop the SMC service.

    For AV, you just need to select "Disable all virus and spyware protection features" under the virus and spyware protection component

    I don't believe you can stop it from services.msc for 12.1. Seems to be hardcoded not to allow this whether tamper protection is enabled or not.



  • 5.  RE: Controlling Symantec Endpoint Protection Services

    Posted Jun 06, 2013 01:01 PM

    OK, well I guess that wil have to suffice.  Thanks again for your responses.