Endpoint Protection

 View Only
  • 1.  Prevent users disabling SEPM Client

    Posted Oct 20, 2009 10:09 PM
    I have enabled the feaure where a password is required to open the SEP client on users desktop which works well.

    Now how do i disable their ability the right click the SEP system tray icon on the desktop and then click Disable SEP?

    Thanks


  • 2.  RE: Prevent users disabling SEPM Client
    Best Answer

    Posted Oct 20, 2009 10:47 PM
    To prevent users from disabling Symantec Endpoint Protection on their client:

    Step 1: Remove the right to disable Network Threat Protection:
    Open the "Symantec Endpoint Protection Manager."
    Click Clients.
    Select the group that contains the clients you want to be affected.
    Click Policies.
    Expand Location-specific settings.
    Click Tasks to the right of "Client User Interface Control Settings", then click Edit.
    Select Server control or Mixed control if it is not already set to one of these.
    Click Customize.
    If Server control is enabled this will open the Client User Interface Settings dialog.
    If Mixed control is enabled this will open the Client User Interface Mixed Control  Settings dialog.


    Uncheck Allow users to enable or disable Network Threat protection.
    Click OK> OK.


    Step 2: Remove the right to disable Threat detection:
    Open the "Symantec Endpoint Protection Manager."
    Click  Clients.
    Select the group that contains the clients you want to be affected.
    Click Policies.
    Expand Location-Specific Policies
    Click Antivirus and Antispyware Policy.
    Click File System Auto-Protect, then "lock this feature" by clicking the lock symbol next to Enable File System Auto-Protect.
    Click Internet Email Auto-Protect, then "lock this feature" by clicking the lock symbol next to Enable Internet Email Auto-Protect.
    Click Microsoft Outlook Auto-Protect, then "lock this feature" by clicking the lock symbol next to Enable Microsoft Outlook Auto-Protect.
    Click Lotus Notes Auto-Protect, then "lock this feature" by clicking the lock symbol next to Enable Lotus Notes Auto-Protect.
    Click Proactive Threat Scan, then "lock this feature" by clicking the lock symbol next to Scan for trojans and worms and Scan for keyloggers.
    Click OK.


    Step 3: Force clients to update policy:
    This step is not necessary as clients will receive the policy during their normal check-in

    From the manager:
    Open the "Symantec Endpoint Protection Manager."
    Click Clients.
    Select the group that contains the clients you want to be affected.
    Click Run Command on Group.
    Click Update Content.
    The client will receive a prompt to heartbeat and update its policy.   Once the policy has been updated the option to Disable Symantec Endpoint Protection will be grayed-out when users right-click the Symantec Endpoint Protection system tray icon.

    On the client:
    Right-click the Symantec Endpoint Protection system tray icon.
    Click Update Policy
    The client will request the new policy from the manager. Once the policy has been updated the option to Disable Symantec Endpoint Protection will be grayed-out.