First Step:
Note: This is the basic step for turning off the option to "Disable Symantec Endpoint Protection" from the client:
Open the Symantec Endpoint Protection Manager.
Click on the Policies tab on the far left side.
Under View Policies in the middle column highlight Antivirus and Antispyware.
Highlight your current policy on the right side under Antivirus and Antispyware Policies, if needed create a new policy and highlight.
From under the Tasks menu in the middle column select Edit the Policy, and a new window will open.
Take note of the menu in the upper left corner of the new window.
Navigate through every link in the menu and look for the paddle lock symbols.
Every paddle lock symbol will need to be locked. To do so click on the lock and it will go from an unlocked state to a locked state.
This must be done in every link, and from within every tab from within the link.
Second Step:
Note: Although not required this step will keep Network Threat Protection from being turned off at the client:
Open the Symantec Endpoint Protection Manager.
Click on the Clients tab on the far left side.
Click on the Policies tab in the upper right window.
Click on Location-specific Settings.
Select Server Control and a new window will open.
Make sure Server Control is selected, and click the Customize button next to it. A new window will open after that.
Uncheck "Allow Users to Enable and Disable Network Threat Protection"