Endpoint Protection

  • 1.  Help disabling NTP and PTP

    Posted Jun 09, 2009 10:12 AM

    Does anyone know the registry keys to disable Proactive Threat Protection (PTP) and Network Threat Protection (NTP)?

    Alternatively, if there is some command to run to disable them, that would be great too.

    I need to disable them both for the short-term, at least.  We already have host IPS and firewalls installed, and have to use those.  Therefore, I want to disable PTP and NTP to avoid conflicts.

    I thought I found the key for NTP (HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\smc_engine_status).  It seemed to work at first, but now it does not.  No clue why.

    Any help will be greatly appreciated.

    Thank you,
    Meredith



  • 2.  RE: Help disabling NTP and PTP

    Posted Jun 09, 2009 11:56 AM
     
    Well, if you already deployed PTP and NTP as part of the package that was installed on the client, at this point your best option is to simply disable them via policy.  You can uncheck the "enable" policy for Firewall and IPS.  You can also go into AV/AS policy and disable PTP from running.  However, if you only have IPS and firewalls running in your environment, I'm not sure why you would want to disable PTP in AV/AS.  It offers another layer of security.


  • 3.  RE: Help disabling NTP and PTP

    Posted Jun 09, 2009 12:11 PM
    Well, my software does a bit more than that...I was just trying to be succinct.  The other programs are made by McAfee and they do not always work well with Symantec products.

    I need to turn these off via script - the software is being deployed to a vast number of systems in many different locations, so I cannot access any of the systems locally to check or uncheck items.

    I found:

    HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\SymHeurProcessProtection\RealTimeScan\1\Enabled and

    HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\SymHeurProcessProtection\RealTimeScan\0\Enabled

    Changing their values to 0 seems to disable Proactive Threat Protection, but I still need to be able to turn off Network Threat Protection.

    Thanks,
    Meredith



  • 4.  RE: Help disabling NTP and PTP

    Posted Jun 09, 2009 12:28 PM
    Hi Meredith,

    Please let me know the SEP ver you are using.

    Are these systems reporting to the SEPM console?

    To disable NTP and PTP there are 2 ways, as per my knowledge:
    1) Uncheck the "enable" policy for Firewall and IPS.
    2) Upgrade your SEPM console to the latest version, SEP MR4 MP2 (if it is an old version).
       Once the console is upgraded, select the Install Packages tab and add a new installation package.
       While creating the installation package, select the new version SEP MR4 MP2, and for the installation components select only Antivirus and Antispyware.

    This way all the clients will get upgraded to the latest version and will also be installed with only AV/AS.

    This works best on your LAN, but takes more time for systems located at different locations.


  • 5.  RE: Help disabling NTP and PTP

    Posted Jun 09, 2009 12:39 PM
    Ajju,

    We are using MR4, and we are not using the Management Console at all.  We have unmanaged clients, and I cannot change that.

    There has to be a way to disable this...it is picking up the setting from somewhere - either a config file or the registry.  I tried exporting the Symantec portion of the registry with the component enabled and then with it disabled and compared the two, but only found three differences, and none affected NTP.  They did work on PTP though, so I am getting warmer.


  • 6.  RE: Help disabling NTP and PTP

    Posted Jun 09, 2009 01:49 PM
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysPlant: change the START value to 4.

    This disables Application and Device Control.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\COH_Mon: same thing; this is Proactive Threat Scan.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Teefer2

    This is for the Firewall in NTP.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WPS
    and
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WpsHelper

    These are the registry keys you need to play around with, but they do need a reboot as a few of them load at kernel level.





  • 7.  RE: Help disabling NTP and PTP

    Posted Jun 09, 2009 03:22 PM
    Vikram,

    I just tried changing those keys.  Once I rebooted, I lost my internet connection, and nothing was turned off in the GUI.  Did you actually try changing these on your system?

    Thanks,
    Meredith


  • 8.  RE: Help disabling NTP and PTP

    Posted Jun 20, 2009 12:04 PM
    Don't always go by the GUI. It's just cosmetic. Sometimes even if the drivers are disabled it shows enabled.
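
Added example, not part of the original thread or any Symantec tooling: since the GUI may not reflect driver state and a changed START value only takes effect after a reboot, this read-only PowerShell check reports, for the service keys named in post 6, the configured start type next to the live state. It assumes PowerShell 3.0 or later (for `Get-CimInstance`); the `Note` wording is this example's own.

```powershell
# Read-only check: compares the configured start type (registry) with the
# live state of each driver/service named in the thread. Changes nothing.
$names      = 'SysPlant', 'COH_Mon', 'Teefer2', 'WPS', 'WpsHelper'
$startTypes = 'Boot', 'System', 'Automatic', 'Manual', 'Disabled'   # Start = 0..4

$report = foreach ($name in $names) {
    $key   = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # Configured start type, as stored under the service key.
    if ($null -eq $props) {
        $configured = 'KeyNotFound'
    } elseif ($null -eq $props.Start) {
        $configured = 'NoStartValue'
    } elseif ([int]$props.Start -ge 0 -and [int]$props.Start -le 4) {
        $configured = $startTypes[[int]$props.Start]
    } else {
        $configured = "Unknown($($props.Start))"
    }

    # Live state. Win32_BaseService covers kernel drivers and user-mode services.
    $svc = Get-CimInstance -ClassName Win32_BaseService -Filter "Name='$name'" `
               -ErrorAction SilentlyContinue
    $state = if ($null -ne $svc) { $svc.State } else { 'NotRegistered' }

    # A mismatch means the registry change has not taken effect yet.
    if ($configured -eq 'Disabled' -and $state -eq 'Running') {
        $note = 'Disabled in registry but still loaded (reboot pending)'
    } elseif ($configured -eq 'Disabled') {
        $note = 'Disabled and not running'
    } elseif ($configured -eq 'KeyNotFound') {
        $note = 'Component not installed'
    } else {
        $note = 'Enabled'
    }

    [pscustomobject]@{
        Service    = $name
        Configured = $configured
        State      = $state
        Note       = $note
    }
}

$report | Format-Table -AutoSize
```

Run it from an elevated prompt before and after the reboot to see whether each component actually stopped loading.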