Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

how to prevent disabling SEP

Created: 11 Feb 2014 • Updated: 11 Feb 2014 | 4 comments
This issue has been solved. See solution.

hi. i'm evaluating SEP 12.x and the first thing i usually do is prevent users from disabling any antivirus installed. with SEP 12.x, if a user right clicks the shield icon and click on "Disable Symantec Endpoint Protection" it goes and disables it.

i have read and gone thru all the posts here http://www.symantec.com/connect/forums/how-disable-disable-symantec-endpoint-protection and still users can disable SEP.

how hard can it be to prevent users from disabling the antivirus?

Operating Systems:

Comments 4 CommentsJump to latest comment

SMLatCST's picture

I've never had an issue with it tbh.  Can you confirm you've gone through every assigned policy and switched the padlock icon to locked for all settings (in addition to the Client User Interface settings changes in the group)?

#EDIT#

Another article on the subject:

http://www.symantec.com/docs/TECH102822

SOLUTION
rino19ny's picture

whoa!.. in IPS settings two padlocks are still unlocked.

now disable SEP is greyed out. thanks.

but i don't see the logic in making this difficult. preventing users from tampering with antivirus clients should be made easier and the first stop in any deployments.

.Brian's picture

Frankly, it's a little misleading. Even if you lock the AV and PTP policies, user's can still rught click. As you've seen, unchecking those boxes completes it. Very confusing to newer users to SEP.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SMLatCST's picture

Yeah, I agree that it is a bit fiddly and counter-intuitive.

If you think it of benefit, there's always the option of submitting an IDEA via these forums (under "Create Content -> Idea") for Symantec to provide a single console location within the SEPM for the control of users' abilities to disable components.

I'm sure it'd get lots of Yes votes!