Video Screencast Help

How SEP Policies and Features work together

Created: 15 May 2013 • Updated: 16 May 2013 | 7 comments
This issue has been solved. See solution.

Hi, hopefully a quick and easy question. Ive trawled through the admin and implementation guide, but cant find a definitave answer to this:

Will a SEP policy apply to a client if the client doesnt have the feature installed?

For example, we have a client that doesnt have the Intrusion Prevention feature installed. BUT the client is in a Group that does have a policy assigned for IPS. Will this cause issues, or will SEP simply say, i dont have that feature, so i wont attempt to apply the policy.

Many Thanks!

Operating Systems:

Comments 7 CommentsJump to latest comment

technical_specialist's picture


If feature not avail then that part of policy not applied..

When you can install that feature policy will be implemented there.

pete_4u2002's picture

Will a SEP policy apply to a client if the client doesnt have the feature installed? NO

because the drivers for component will not be installed/working.

raju123's picture

Will a SEP policy apply to a client if the client doesnt have the feature installed?

No the policy not be applied on the client because the policy applied according to the running components.

AjinBabu's picture


Policies are applied on machines with respect of components on the client.



ᗺrian's picture

If no component is installed for that policy, it is simply not possible to be used.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture


The Policy would definitely not apply to the client when the said Feature is not installed.

I would suggest you to check this Article:

How Symantec Endpoint Protection protection features work together

Secondly on a kind note: Symantec encourages you to install all the features on the client machines.

Symantec Endpoint Protection Recommended Best Practices for Securing an Enterprise Environment

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Ninja750f's picture

Hi All thank you for your responses!

Yes, this question was mainly focussed around servers, as we have some old devices out there that are fairly high bandwidth, but low resourced, so we would be looking at excluding IPS from them etc. All other devices would have all features installed.

Im currently in the process of designing the group structure for SEPM so that policies etc can be applied and so that it is structured logically.

Thanks again for your responses@