Ensure you have followed all the steps in this document:
Title: 'How to block user's ability to disable Symantec Endpoint Protection on Clients'
Document ID: 2007110514540148
> Web URL: http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007110514540148?Open&seg=ent
More specifically make sure you enacted this part:
Step 1: Remove the right to disable Network Threat Protection:
Open the "Symantec Endpoint Protection Manager."
Click Clients.
Select the group that contains the clients you want to be affected.
Click Policies.
Expand Location-specific settings.
Click Tasks to the right of "Client User Interface Control Settings", then click Edit.
Select Server control or Mixed control if it is not already set to one of these.
Click Customize.
If Server control is enabled this will open the Client User Interface Settings dialog.
If Mixed control is enabled this will open the Client User Interface Mixed Control Settings dialog.
Uncheck Allow users to enable or disable Network Threat protection.
Click OK> OK.
Hope that helps!