I have symantec endpoint protection manager, and I want know what permissions have the clients, them can stop the protection?, etc...
Check this:
How you have applied the policy?
If you applied the password on all four options then user has no access to change any setting
https://www-secure.symantec.com/connect/blogs/how-set-password-enable-usb-access-user-end
Some of the articles you can have a look at:
How to setup client password protection in Symantec Endpoint Protection Manager
http://www.symantec.com/docs/TECH102700
https://www-secure.symantec.com/connect/forums/prevent-sep-121-clients-using-disable-symantec-endpoint-protection
Password-protecting the client
http://www.symantec.com/docs/HOWTO55487