How to block a user's ability to disable Symantec Endpoint Protection on clients

Article ID: 151336

Products

Endpoint Protection

Issue/Introduction

Note: This article is no longer being updated. The following article replaces it. Update your links or bookmarks to:
Preventing users from disabling protection on client computers


You want to prevent users from disabling the Symantec Endpoint Protection (SEP) client by right-clicking the client system tray icon and clicking Disable Symantec Endpoint Protection, or you otherwise want to block a user's ability to disable Symantec Endpoint Protection on clients.

Resolution

To prevent users from disabling Symantec Endpoint Protection on their computer:

Step 1: Remove the right to disable Network Threat Protection

  1. Log on to the Symantec Endpoint Protection Manager.
  2. Click Clients.
  3. Click the group that contains the clients you want to be affected.
  4. Click Policies.
  5. Expand Location-specific Settings.
  6. Click Tasks to the right of Client User Interface Control Settings, then click Edit Settings.
  7. Select Server control or Mixed control, if it is not already set to one of these options.
  8. Click Customize.
    • If Server control is enabled, this opens the Client User Interface Settings dialog.
    • If Mixed control is enabled, this opens the Client User Interface Mixed Control Settings dialog.
  9. Uncheck Allow the following users to enable or disable the firewall.
  10. Click OK > OK.

Step 2: Remove the right to disable Virus and Spyware detection and Intrusion Prevention

  1. Log on to the Symantec Endpoint Protection Manager.
  2. Click Clients.
  3. Click the group that contains the clients you want to be affected.
  4. Click Policies.
  5. Expand Location-specific Policies.
  6. Click Virus and Spyware Protection policy.
    1. Click Auto-Protect, then lock this feature by clicking the lock symbol next to Enable Auto-Protect.
    2. Click Internet Email Auto-Protect, then lock this feature by clicking the lock symbol next to Enable Internet Email Auto-Protect.
    3. Click Microsoft Outlook Auto-Protect, then lock this feature by clicking the lock symbol next to Enable Microsoft Outlook Auto-Protect.
    4. Click Lotus Notes Auto-Protect, then lock this feature by clicking the lock symbol next to Enable Lotus Notes Auto-Protect.
    5. (SEP 12.1/14) Click SONAR, then lock this feature by clicking the lock symbol next to Enable SONAR.
    6. (SEP 14) Click SONAR, then lock this feature by clicking the lock symbol next to Enable Suspicious Behavior Detection.
    7. Click Early Launch Anti-Malware Driver, then lock this feature by clicking the lock symbol next to Enable Symantec early launch anti-malware.
  7. Click OK.
  8. Click Intrusion Prevention policy.
    1. Click Intrusion Prevention, then lock this feature by clicking the lock symbol next to Enable Intrusion Prevention.
    2. Click Intrusion Prevention, then lock this feature by clicking the lock symbol next to Enable Browser Intrusion Prevention.
    3. (SEP 14) Click Generic Exploit Mitigation, then lock this feature by clicking the lock symbol next to Enable Generic Exploit Mitigation.
  9. Click OK.

Step 3: Update the client's policy

Clients receive the policy according to their communication settings. In Push Mode, Symantec Endpoint Protection Manager prompts the client to check in within a few seconds; in Pull Mode, the client checks in on its next scheduled heartbeat.

You can prompt the heartbeat on the client:

  1. Right-click the Symantec Endpoint Protection notification area icon (also called the system tray icon).
  2. Click Update Policy. The client requests the new policy from the manager.

Once the policy has been updated, the user will not be able to disable the Virus and Spyware Protection or the Network Threat Protection features.