How to remove the Network Access Control module from both Endpoint Protection manager and client
search cancel

How to remove the Network Access Control module from both Endpoint Protection manager and client


Article ID: 180349


Updated On:


Endpoint Protection Network Access Control




As of 14.2, Symantec Network Access Control (SNAC) is auto-disabled by default. It is recommended that the Symantec Endpoint Protection Manager (SEPM) and SEP clients all be upgraded to 14.2, or newer, in order to properly disable SNAC. In the event that is not feasible at this time, the following steps may be applied:

  1. OPTIONAL STEP: Within your SEPM, ensure that you have withdrawn all Host Integrity policies from all clients/groups before you continue on. This may be skipped if you are running version 12.1.5, or newer, and plan to keep using Host Integrity.
  2. Access the Clients page of the SEPM console, select a client group (e.g. My Company) and then click the Policies tab for this group. Select the General Settings link, then go to the Security Settings tab and uncheck the option here to Enable SNAC. This step is necessary in order for SNAC to show as removed on the managed SEP clients.
  3. Wait until all SEP clients have received the policy changes to disable SNAC functionality.
  4. Log out of your SEPM
  5. Open Windows Service Manager via Start > Run, and then enter services.msc.
  6. Stop the following services:
    • Symantec Endpoint Protection Manager 
    • Symantec Endpoint Protection Manager Webserver
  7. Navigate to the license folder. The default location:
    • For 32-bit: C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\license
    • For 64-bit: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\license
  8. Move or delete SNAC.xml.
  9. Restart the SEPM services.
  10. Log on to your SEPM to confirm that Host Integrity does not show under Policies.
    • Note: As of 12.1 RU5 (12.1.5337.5000), it is expected that Host Integrity will continue to be listed in the Policies section of the SEPM console; however, please verify that the Host Integrity policy Requirements to verify the Gateway or DHCP Enforcer options are no longer present.  
  11. From the SEPM console go to Admin > Licenses and delete your SNAC license(s).
  12. On a Symantec Endpoint Protection Manager "Run a command on the group > Update Content" to ensure all SEP clients get latest policy updates when they heartbeat in.
  13. After the policy updates, a reboot of the client computer may be necessary.