You need to disable the Tamper Protection feature for Symantec Endpoint Protection (SEP) clients.
Tamper Protection provides real-time protection for the Symantec applications that run on servers and clients. It protects Symantec processes and internal objects from the attacks that non-Symantec processes such as worms, trojan horses, viruses, and other security risks may make. Tamper Protection can block or log attempts to modify the Symantec processes or the internal software objects that synchronize Symantec threads and processes.
Use this method to disable Tamper Protection on a small number of clients. To disable Tamper Protection on multiple clients, use the method below.
It is recommended to create a Tamper Protection exclusion, where possible, rather than disable Tamper Protection altogether. For details, please see Creating a Tamper Protection exception on Windows clients or Creating exceptions from log events.