has the client taken the policy?
Edit
by default SEP 12.x Tamper Protection are on .
If you don't want kindly change setting.
Please do the following:
- Open the Symantec Endpoint Protection Manager.
- Click the Clients tab.
- For any group, on the right hand side, select the Policies tab.
- In the Location-independent Policies and Settings, click General Settings.
- On the General Settings screen, click the Tamper Protection tab.
- Verify the option labeled "Protect Symantec security software from being tampered with or shut down."
If this is enabled, the option to stop the Symantec Management Client service (smcservice) from service control manager will be unavailable. If it is disabled, stopping smc from the service control manager is allowed.