see this
Symantec Endpoint Protection Manager locks out an administrator for a certain length of time after a number of unsuccessful logon attempts. By default, the management server locks out an administrator for 15 minutes after five failed attempts.
You cannot unlock the administrator account without waiting for the specified period of time to pass. However, you can disable the administrator account from locking, though this action does not unlock the account. You can also change the number of unsuccessful logon attempts and wait the time that is permitted before the account is locked. A password change does not reset or otherwise affect the lockout interval.
For added security in 12.1.5 and later, after the first lockout the lockout interval doubles with each additional lockout. Symantec Endpoint Protection Manager reinstates the original lockout interval after a successful logon occurs or after 24 hours pass since the first lockout. For example, if the original lockout interval is 15 minutes, the second lockout triggers a 30-minute lockout interval. The third lockout triggers a 60-minute lockout interval. If the first lockout occurs at 2:00 P.M. on Thursday, then the 24-hour period ends 2:00 P.M. Friday, and Symantec Endpoint Protection Manager resets the lockout interval to 15 minutes.
To configure an administrator's account to lock after too many logon attempts
-
In the console, click > .
-
Under Administrators, select the administrator account that is locked.
-
Under Tasks, click .
-
On the General tab, uncheck .
See Resetting a forgotten Symantec Endpoint Protection Manager password.
See Changing the password for an administrator account.
See Enabling Symantec Endpoint Protection Manager logon passwords to never expire.
https://support.symantec.com/en_US/article.HOWTO80757.html