Endpoint Protection

hi. i'm evaluating SEP 12.x and the first thing i usually do is prevent users from disabling any antivirus installed. with SEP 12.x, if a user right clicks the shield icon and click on "Disable Symantec Endpoint Protection" it goes and disables it.

i have read and gone thru all the posts here http://www.symantec.com/connect/forums/how-disable-disable-symantec-endpoint-protection and still users can disable SEP.

how hard can it be to prevent users from disabling the antivirus?

I've never had an issue with it tbh.  Can you confirm you've gone through every assigned policy and switched the padlock icon to locked for all settings (in addition to the Client User Interface settings changes in the group)?

#EDIT#

Another article on the subject:

http://www.symantec.com/docs/TECH102822

whoa!.. in IPS settings two padlocks are still unlocked.

now disable SEP is greyed out. thanks.

but i don't see the logic in making this difficult. preventing users from tampering with antivirus clients should be made easier and the first stop in any deployments.

Frankly, it's a little misleading. Even if you lock the AV and PTP policies, user's can still rught click. As you've seen, unchecking those boxes completes it. Very confusing to newer users to SEP.

Yeah, I agree that it is a bit fiddly and counter-intuitive.

If you think it of benefit, there's always the option of submitting an IDEA via these forums (under "Create Content -> Idea") for Symantec to provide a single console location within the SEPM for the control of users' abilities to disable components.

I'm sure it'd get lots of Yes votes!