Endpoint Protection

Alternate title: "Disable Symantec Endpoint Protection" is ghosted even for Administrators.  

Folks usually want to know how to prevent users from being able to click "Disable Symantec Endpoint Protection" by right-clicking on the icon.  There are several answers to that, one being that only people in the Administrators group will be able to click on it.

In my case, in SEP 12.1 I am finding that "Disable Symantec Endpoint Protection" is ghosted even for Administrators. This was never the case in my SEP 11 environment and I do have similar settings in both.

I have gone through http://www.symantec.com/docs/TECH168990  and made sure that all those items were UNlocked.

I have even followed this  http://www.symantec.com/docs/HOWTO55475  re User Control Level, changed to Mixed Mode Control, and made nearly everything Client side control. 

I know about pushing policies out, about heartbeats, and how to confirm that the client has received the latest policy edit by looking at the policy timestamp.  I re-confirmed that the logged-on userid is in the local Administrator s group.

Any ideas to enable "Disable Symantec Endpoint Protection?"  To be clear, settings are unlocked.

Thank you

John

Do you have NTP component installed in client end? If no try by installing it in the client end.

What components do you have installed?

The installed Featues are

AV

Adv. Download Protection

POP3/SMTP scanner

PTP

Sonar

App & Device Control

NTP

IPS

(Everything except Outlook, Notes, and Firewall.)

Try by installing Firewall component in one system....

Going home now and wil try to do that after some morning meetings. What was your thought behind that?

Hi,

If you followed this article step by step in reverse way it should allow access to disable SEP client.

Make sure you have check location specific settings and IPS settings.

As I say, I used the articles I referenced (and others) in reverse (in full detail) including location specific settings and IPS settings. 

Ok, have you tried by installing firewall component?

Adding Firewall in Win 7 through Add or Remove Programs >  Modify  is giving me some trouble. The original resource is not availlable, so I clicked browse and navigated to the local SEP Cached Installs folder, "OK"  

But, then an Open window says "SEP.msi  You do not have permission to open this file" but I am in teh local Admins group that has full permissions to the folder and that MSI file.

Hmmm...

At the same time we are developing for SEP12.1, the new machines are also Windows 7.  Someone suggested disabling UAC but that did not enable the "Disable Symantec Endpoint Protection."

Thanks

Update

1.  Our Win 7/XP guru has a suggestion that requires knowing exactly what process(es) control the yellow shield icon, and/or the "Disable Symantec Endpoint Protection" option. For that I have tried SMC.exe and SMCgui.exe.     Are there any others?

2. It sounds like the issue and solution at the following thread are for this same issue: https://www-secure.symantec.com/connect/forums/sep1211mp1-disable-symantec-endpoint-protection-failed  so I will try it.

I will return Friday and hope to have my very own permanent Win 7 box to test.

Thanks

I installed Firewall, applied the default firewall policyand applied the default IPD policy, Updated the client.

No improvement yet.

This workaround seems to be working most of the time: 

The Aug. 2012  workaround:

Using a privileged logon, open the SEP interface.  Just before the installation,  click the bottom right “Options” button on SEP. In the flyout, click “Disable xxxxxx”

Move upward through each “Option” button you see,  clicking “Disable xxxxxx”

If you wish to confirm, click each “Option” button again and observe the phrase ““Enable xxxxxx”  instead of “Disable xxxxxx”  Proceed with your software installation.

One catch with the workaround is that sometimes at Network Threat Protecction, the Options button has a grayed-out choice for "Disable...." 

In those cases greg12 's solution at this thread https://www-secure.symantec.com/connect/forums/sep1211mp1-disable-symantec-endpoint-protection-failed#comment-7498371  seems to be working ...  ..

... and that is to "enable or disable the firewall under Status > NTP > Options > Change settings > Firewall." 

One other very strange thing about those Options buttons mentioned above, is that sometimes when you click one the wording is of the form "Disable all Network Threat Protection features,"  and sometime it is of the form " Disable NetworkThreat Protection."

Thanks

I just now opened Case 419 087 545.  

We are also noticing that the behavior is not 100% consistent. Right now I have a box on which the option is available.   

EDIT  the solution:

Thanks to Peter Y. at Symantec for excellent work on Case 419 087 545. 

If we need to disable SEP in the future, the process that is now stable is to disable UAC (move the UserAccessControl setting to the lowest)  and boot. Then the “Disable Symantec Endpoint Protection“ option is available.   More:

A key setting to enable is "Allow users to enable and disable Firewall" which should be called “Allow … Network Threat Protection”  not Firewall in my opinion.

This setting  is found under the client group, >  Location Specific Settings  >  Server Control  >  Customize button.  

We also unlocked a number of settings in the Antivirus Policy.

If 12.1.1000 still gives you trouble, upgrade or 12.1.1101 or later.  We edited so many settings I want to be sure you have all the info you might need.

 Thank you all very much for your consideration.

HTH

John

PS we install "Network Threat Protection" but not "Firewall."