Please do the following and mark as a solution if it works:
To prevent users from disabling Symantec Endpoint Protection (SEP) on their client:
Step 1: Remove the right to disable Network Threat Protection:
- Open the Symantec Endpoint Protection Manager.
- Click Clients.
- Select the group that contains the clients you want to be affected.
- Click Policies.
- Expand Location-specific Settings.
- Click Tasks to the right of "Client User Interface Control Settings", then click Edit Settings.
- Select Server control or Mixed control if it is not already set to one of these.
- Click Customize.
- If Server control is enabled this will open the Client User Interface Settings dialog.
- If Mixed control is enabled this will open the Client User Interface Mixed Control Settings dialog.
- Uncheck Allow users to enable and disable Network Threat Protection.
- Click OK> OK.
Step 2: Remove the right to disable Threat detection:
- Open the Symantec Endpoint Protection Manager.
- Click Clients.
- Select the group that contains the clients you want to be affected.
- Click Policies.
- Expand Location-specific Policies
- Click Antivirus and Antispyware policy.
- Click File System Auto-Protect, then lock this feature by clicking the lock symbol next to Enable File System Auto-Protect.
- Click Internet Email Auto-Protect, then lock this feature by clicking the lock symbol next to Enable Internet Email Auto-Protect.
- Click Microsoft Outlook Auto-Protect, then lock this feature by clicking the lock symbol next to Enable Microsoft Outlook Auto-Protect.
- Click Lotus Notes Auto-Protect, then lock this feature by clicking the lock symbol next to Enable Lotus Notes Auto-Protect.
- Click TruScan Proactive Threat Scans, then lock this feature by clicking the lock symbol next to Scan for trojans and worms and Scan for keyloggers.
- Click OK.
For Symantec Endpoint Protection 12.1, additional policies must be locked.
- In the Virus & Spyware Protection policy, click Sonar, then lock this feature by clicking the lock symbol next to Enable Sonar.
- In the Instrusion Prevention policy, click Settings, then lock both lock symbols next to Enable Network Intrusion Prevention and Enable Browser Intrusion Prevention.
Step 3: Clients update policy:
Clients will receive the policy according to their Communication Settings (they will be prompted to check in within a few seconds if in Push Mode; they will check in on their next scheduled heartbeat in Pull Mode).
You can prompt the heartbeat on the client:
- Right-click the Symantec Endpoint Protection system tray icon.
- Click Update Policy. The client will request the new policy from the manager
Once the policy has been updated the user will not be able to disable the Antivirus/Antispyware or the Network Threat Protection features.
Regards