Hello,
Disabling or withdrawing a managed SEP client's Firewall policy does not disable the NTP firewall driver. It will affect the SEP client's NTP component differently depending on whether the client is in Server control mode, or Client/Mixed control mode.
- Clients in Server control mode will place their NTP firewalls into passthrough mode. Network traffic will still pass through the NTP firewall driver and will only be evaluated against the Active Response block list.
- Clients in Client or Mixed control mode will continue to use their client-side NTP policy.
Network Threat Protection drivers (teefer.sys) need to be uninstalled to disable the NTP (Firewall) feature.
So, in case you want to Permanently Disable Network Threat Protection (firewall) Feature from the client machines from SEPM, then the only way is to uninstall the Feature.
Symantec Endpoint Protection: How to remove Network Threat Protection and Email Tools through the Symantec Endpoint Protection Manager.
http://www.symantec.com/docs/TECH103055
Check these Articles:
How to disable Client Network Threat protection from the Symantec Endpoint Protection Manager
http://service1.symantec.com/SUPPORT/ent-security.nsf/2326c6a13572aeb788257363002b62aa/083a3388bd9f7477ca2573910004866c?OpenDocument
Check this Thread :
https://www-secure.symantec.com/connect/forums/disable-symantec-endpoint-network-threat-protection
Hope that helps!!