Hi,
You are correct with the new release of Cleanwipe you can remove SEP though SEP is password protected.
However it's a good idea to block application itself.
Make sure ADC policy is configured correctly and has been assigned to correct group as well.
You should refer this article to create customize ADC policy: http://www.symantec.com/docs/TECH185907
The best way to use SEP to block unwanted software is to block the main .EXE of the program. To confirm you always block the correct file you will want to make an MD5 hash of that file.
NOTE: When a program is updated to a new version a new MD5 will need to be created and added, additionally you will need to make MD5s for all versions of the .EXE that may be in use.
Once the MD5 hash is known, the Application and Device Control policy can be configured to prevent that specific file from launching on the clients
Can refer these articles: http://www.symantec.com/docs/TECH93451
http://www.symantec.com/docs/HOWTO80859