Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Disabling SEP 12.1

Created: 26 Jan 2013 | 8 comments

We are running through a reindex of our DMS, and they say it's running slower than it should. I have kept being asked to make sure certain folders are excluded from scanning, which they were. I (partly to make a point) ran smc -stop on the relevent servers, and verified that all Symantec services were stopped. The indexing performance has not changed.

Am I right that with all SEP services stopped that all AV functionality is completely disabled, and that the lack of any improvement in performance means that it could not be caused by SEP?

Comments 8 CommentsJump to latest comment

.Brian's picture

smc -stop will not disable SEP. Otherwise you can stop the SEP service from services.msc. This should disable it.

If you have NTP installed, you can right click the SEP icon in the task tray and select "Disable", this will disable the NTP component.

You can check this as well:

Disabling the Symantec Endpoint Protection client Network Threat Protection and Intrusion Detection System components

Article:HOWTO59111  |  Created: 2011-08-31  |  Updated: 2012-07-20  |  Article URL http://www.symantec.com/docs/HOWTO59111

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

dpeters11's picture

smc -stop was the first thing I did. I went into services and made sure all Symantec services were stopped. So currently no Symantec services are running, including the SEP service and SMC.

pete_4u2002's picture

what version of SEP?
is the "Symantec Endpoint Protection" stopped too?

dpeters11's picture

12.1 RU1 MP1

Yes, the Symantec Endpoint Protection service is stopped. Symantec Management Client service is off. 

I feel the issue is elsewhere, but whenever there's a problem it seems like they always say "It's Symantec". I turned everything off so that it couldn't be seen as that the exclusions weren't working. The vendor's documentation actually says to disable real time protection in any AV program running on one of these servers, permanently.

pete_4u2002's picture

yes exclusions are the correct way to check. it should be stopped, can you check this registry entry to know if AP is off or on
HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan\OnOff

dpeters11's picture

That's set to one (under wow6432node). Does that mean that Realtime Protection is currently running, or just that it would be if the services were started?

pete_4u2002's picture

yes, 1 represents on, change it o in registry and check the reindex. also suggest to open a support ticket.

SebastianZ's picture

Easiest way to be 100% sure of SEP is the cause is to deinstall it from this machine for test and check if the problem still occurs.