How to disable protection completely

Created: 18 Nov 2009 • Updated: 21 May 2010 | 13 comments
This issue has been solved. See solution.

v11.05
I'm working for a small security analysis company and I have to work with disassembling viruses, analysing hack software, etc.
So sometimes I just need to disable my antivirus completely and turn it on later.
When I turn off all the system autoprotection, etc., it still searches for viruses/trojans and deletes them. Why does it do so if I chose to disable all of autoprotect, and how do I disable system autoprotection completely? How can I turn it off completely without the hard routine of disabling services? That's no good when you need to do it very often. Thank you.

nep36's picture

*I'm turning all system autoprotection off

Rafeeq's picture

To disable SEP:
go to Start > Run
type smc -stop
this will stop autoprotect
Now check if that's detecting your software. Once you are done,
restart the service:
smc -start

Let me know if this is working.

shp's picture

I think you can stop the service to stop real time protection only..... 

Try to add threat or folder having the threat to centralized exception list... 

Then your virus will not be detected....

Regards,
Srinivas H.P.
HCL Infosystems Ltd

Rafeeq's picture

Can you let me know what the pop-up says?

Does it say autoprotect has detected and deleted, or TruScan?

What are the components of SEP you have installed?

Rafeeq's picture

To disable autoprotect completely,

navigate to this registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan
On the right-hand side you will find a key called OnOff.
1 means file system autoprotect is on,
0 means off.

Rafeeq's picture

Hello Nep,

Try the registry key settings I have mentioned above. It's autoprotect; disabling it will fix the issue.

https://www-secure.symantec.com/connect/forums/disabling-file-system-auto-protect-command-line

Bijay.Swain's picture

In the Run box type "services.msc".
Now disable and stop all Symantec services.

Later you can enable and start the services.

nep36's picture

I've read one of your posts:
"that the service "Symantec Endpoint Protection" is stopped.  Then within a minute or two and you can see the service "Symantec Endpoint Protection" service is running again - grrrr. The Symantec Antivirus and Antispyware is back up and enabled too!

But,... (There's always a but - grin) If we manually click disable Symantec Endpoint Protection from the yellow shield. It will stay disabled for ever. The  "Symantec Endpoint Protection" service is still running but the File System Auto-Protect is disabled..! This actually what we want to achieve. We don't want to stop the Symantec Endpoint Protection service we just want to disable the File System Auto-Protect feature via a command line."

So as I take it now, I have to disable Symantec through a right click on the tray, not in the options of Autoprotect, to disable it completely, right?
I looked at the registry, and it changes the key you mentioned above to "0" by itself when I do it.
Tried just disabling it through the tray and it seems to be OK. It seems to me that the issue is solved.

 
Rafeeq's picture

When you right click and disable, it's disabling your Symantec antivirus (any scans configured will not run).
Following the registry and just setting the autoprotect value to 0 will disable autoprotect (the real-time scan only).
On my test machine, I set the value to 0,
used the EICAR string, and it did not detect it.
Just disable and nothing else.
Let me know if you have any questions.

SOLUTION
Rafeeq's picture

If you want to disable via the console,
then open the SEP interface,
click on Change Settings,
click on Antivirus and Antispyware Protection, click on File System Auto-Protect and disable it. If it's grayed out you need to do it from the SEPM console.

nep36's picture

Rafeeq,
I checked the registry and it looks like it changes "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan" to 0 from 1 automatically when I click "disable protection" in the tray, and after that I'm not getting the old annoying behaviour where my risky apps were removed.
When I enable it in the tray it sets RealTimeScan back to 1 and scans for viruses in real time.
That's what I need. Thank you and all the other helpers for your assistance.

Rafeeq's picture

Happy that it's resolved. Disabling from the tray will change the value in the registry too ;) Thanks for your time. Have a good day!
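
The thread settles on the OnOff value under the RealTimeScan key as the indicator of whether File System Auto-Protect is running. As an added example (not posted by any participant in this thread and not Symantec's own tooling), the following read-only PowerShell check reports that state so an analysis workstation is not left unprotected after a session. The key path and the 1/0 meaning come from the thread; the function name, output fields and exit code are assumptions made for illustration.

```powershell
# Added example: read-only audit of the File System Auto-Protect switch.
# Key path and value name (OnOff: 1 = on, 0 = off) are taken from the thread.
# Get-SepAutoProtectState and its output fields are hypothetical names.
function Get-SepAutoProtectState {
    param(
        # Override if your installation keeps the key somewhere else.
        [string]$KeyPath = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan'
    )

    $state    = 'Unknown'   # stays Unknown if the key or value is missing
    $raw      = $null
    $keyFound = Test-Path -LiteralPath $KeyPath

    if ($keyFound) {
        $props = Get-ItemProperty -LiteralPath $KeyPath -ErrorAction SilentlyContinue
        if ($props -and ($props.PSObject.Properties.Name -contains 'OnOff')) {
            $raw = $props.OnOff
            switch ($raw) {
                1       { $state = 'Enabled' }
                0       { $state = 'Disabled' }
                default { $state = 'Unknown' }   # unexpected data, treat as not confirmed
            }
        }
    }

    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        CheckedAt = (Get-Date).ToString('s')
        KeyFound  = $keyFound
        OnOff     = $raw
        State     = $state
    }
}

$result = Get-SepAutoProtectState
$result | Format-List

# Anything other than a confirmed 'Enabled' is reported, including a missing key.
if ($result.State -ne 'Enabled') {
    Write-Warning "File System Auto-Protect is not confirmed on ($($result.State)). Re-enable it before leaving the analysis session."
    exit 1
}
```

The non-zero exit code lets a scheduled task or logoff script flag a machine where protection was switched off and never turned back on.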