Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

How to avoid users to deactivate SEP ?

Created: 01 Feb 2008 • Updated: 21 May 2010 | 7 comments
Hello,
 
I didn't find any position in policies where I can avoid users to disable SEP.
 
Where is this hidden ?
 
Thank You
 
 

Comments 7 CommentsJump to latest comment

simonster's picture
I have the same problem.
 
This occurs, if the users have admin rights on their local machine... they can deactivate SEP, kill the process... they even can stop the services so that they are absolutely unprotected.
 
How can i avoid this?
 
Cheers,
simonster
simonster's picture
Selmoni, this may help you:
 

To remove the ability to disable Network Threat Protection, perform the following.
 
1. Go to Clients, then the client group you want to remove this ability from.
2. Click the Policies tab on the right, then expand 'Location-specific Settings'.
3. Click on 'Server Control', then Customize.
4. In the Network Threat Protection section, uncheck 'Allow users to enable and disable Network Threat Protection'.
 
Repeat these steps for any other locations you want to enforce this to.
 
As for SNAC, that is a separately licensed feature of SEP. The service will remain set to Manual and not start until you install SNAC on your SEPM server. After that, as your clients check in, SNAC will be set to Automatic and will start. You will see the Host Integrity policy show up in SEPM as well, which needs to be configured if you intend on using SNAC.
 
I tried this... but my users are still able to deactivate the Protection... who can help me please?
Viachaslau Kabak's picture

hi
in SEPM:
policies-> Sntivirus and antispyware policy-> File System autoprotect - > lock the Enable File system autoprotect


Selmoni's picture
Thank You, but it does not work. I'm still able to deactivate it.
 
 
Bsalyer's picture
This is how we are doing it, i lost the link this is from but its on Symantec's site,
 

How to block user's ability to disable Symantec Endpoint Protection (SEP) on Clients

Step 1: Remove the right to disable Network Threat Protection:

1.     Open the Symantec Endpoint Protection Manager.

2.     Click Clients.

3.     Choose the group that contains the clients you want to be affected.

4.     Click Policies.

5.     Expand Location-specific settings.

6.     Click Tasks to the right of Client User Interface Control Settings, then click Edit.

7.     Choose Server control or Mixed control if it is not already set to one of these.

8.     Click Customize.

- If Server control is enabled this will open the Client User Interface Settings dialog.
- If Mixed control is enabled this will open the Client User Interface Mixed Control Settings dialog.
9. Uncheck Allow users to enable or disable Network Threat protection.
10. Click OK, then click OK again.

Step 2: Remove the right to disable Threat detection:

1.     Open the Symantec Endpoint Protection Manager.

2.     Click Clients.

3.     Choose the group that contains the clients you want to be affected.

4.     Click Policies.

5.     Expand Location-Specific Policies

6.     Click Antivirus and Antispyware Policy.

7.     Click File System Auto-Protect, then lock this feature by clicking the lock symbol next to Enable File System Auto-Protect.

8.     Click Internet Email Auto-Protect, then lock this feature by clicking the lock symbol next to Enable Internet Email Auto-Protect.

9.     Click Microsoft Outlook Auto-Protect, then lock this feature by clicking the lock symbol next to Enable Microsoft Outlook Auto-Protect.

10.  Click Lotus Notes Auto-Protect, then lock this feature by clicking the lock symbol next to Enable Lotus Notes Auto-Protect.

11.  Click Proactive Threat Scan, then lock this feature by clicking the lock symbol next to Scan for trojans and worms and Scan for keyloggers.

12.  Click OK.

Mexiken's picture

Is there a way to password protect the "Disable Symantec Endpoint Protection" option rather than disabling it altogether?  It would simplify the process of individual software installs and updates.because we could avoid opening the SEPM, waiting, logging in, waiting, clicking policy, waiting, change policy, waiting, clicking clients, waiting, selecting the client, waiting, pushing new policy, ..., then all the steps to undo these changes!

The admin should be prompted how long to keep SEP disabled.

Unless I missed this feature.

Mike T's picture
Clixck on the Clients icon, then highlight the GLOBAL root option in the left pane. This should bring up a tabbed interface on the right with the tabs: Clients, Policies, Details, etc.
 
Under the Policies tab there is a General Settings link (located under the Settings box).  Clicking on that will take you to another tabbed interface. Click on the security settings. Here is where I set a password that keeps users completely out of the SEPM client, unless they know the password.  That was a big help for me.  Will that accomplish what you are looking for?



Message Edited by Mike T on 02-29-2008 12:16 PM