Endpoint Protection

How to config it to be disable after re-boot each time?
The only way I found is to disable manually by click the button. I am looking a way to disable permenantly and no need to disable again after re-boot.

Navigate to

 HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\smc_engine_status 

If the value of  smc_engine_status  is "0" that means NTP is Disabled

If the value of  smc_engine_status  is "1" that means NTP is Enabled

Why to want to disable it?
In how many computer you want to do this?
If you are having only one or two clients do as follows You can uninstall only network threat protection through add remove programs
For this Go to add/remove programs Select Symatec Endpoint protection Click on change. It will open a wizard,click next Here you will get option for modify ,select it and click next. click on network threat protection and select This feature will not be available and click next click install .This will remove only network threat protection permanently from your computer (it can be installed in the same way back)

If you are having a large no of clients do as follows First create a custom installtion feature set which is do not having network threat protection.Below doc can help you in this. Creating custom Client Installation packages in the Symantec Endpoint Protection Manager Console  h Then assign the packages to groups for this Log-on to the newly migrated Symantec Endpoint Protection Manager Console if you are not logged on. Click Admin > Install Packages. In the lower-left pane, under Tasks, click Upgrade Groups with Package. In the Welcome to the Upgrade Groups Wizard panel, click Next. In the Select Client Install Package panel, all existing client packages are listed in the drop down box. Select on Symantec Endpoint Protection <appropriate version="">. Click Next. In the Specify Groups panel, check one or more groups that contain the client computers then click Next. In the Package Upgrade Settings panel, check Download client from the management server. Click Upgrade Settings. In the Add Client Install Package dialog box, on the General tab, specify not to keep existing client features then specify the one you created in the earlier step, then configure a schedule for when to migrate the client computers. Under the Notification tab, specify a message to display to users during the migration. If the clients in the group run a version of Symantec Endpoint Protection previous to MR2, turn off scheduling. Scheduling is on by default when a new client install package is added to a group. If scheduling is turned on, the upgrade fails. To turn off scheduling, in the Add Client Install Package dialog box, uncheck Upgrade Schedule. For details about settings on these tabs, click Help. Click OK. In the Upgrade Groups Wizard dialog box, click Next. In the Upgrade Groups Wizard Complete panel, click Finish.</appropriate>

I am not sure what you are trying to achieve but this may help.

If you are certain that you never need NTP enabled for these users, it is best just to exclude it from the install package. Alternately install it for everyone and apply a non-restrictive policy to the clients which do not require NTP.

Our solution is a bit more involved and intended for short-term use in very specific circumstances. We have a very small number of privileged users who need to turn off NTP from time to time for test and disgnostic purposes, and we have a means to accommodate that within our overall policy of NTP enabled and locked. We have an Open firewall policy with a Pass-All ruleset so it passes all traffic - not technically disabled but close enough for most purposes. This policy is associated with a partiular location (Call it No NTP), and the location detection rule uses a combination of dns name resolution, ip connectivity and a couple of registry keys to activate that location. The privileged users have an On.reg and Off.reg file on their desktop which allows them to switch NTP off and on in very specific circumstances with just a double-click. In our case the default condition is On so they must consciously turn it off for diagnostics, but the same registry keys could be set by GPO or startup scripts if desired.

Thx you all.

It is my application developer's suggestion to turn off the NTP becasue it has conflict with their application.

How to disable it through a command line? So that I can put it in the autoexec then.

You can either create a batch file which will change the registry value as suggested by Prachand using reg add command and keep as a startup script.

or
Uninstall NTP from all clients by assigning a package to all groups with a package which is do not having NTP .For more info refer my earlier post.

Surely the better plan here is to work out what is causing the problem between NTP and your application.

By disabling Network Threat Protection, you are drastically reducing SEP's ability to protect your machine against the latest threats.  Not only are you disabling the firewall, but also IPS too.

What is the application that is having the problem when NTP is enabled and what problem do you see?