Endpoint Protection

Hi, I am using the SEPM 11.0 RU5 and not able to Block a User's ability to disable SEP on Client.

The process is given in

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007110514540148

But it won't work

Anybody has any idea?

 

Whether non of the settings are working or some of them. Also assure that clients got latest policy.This you can find with the help of policy sl. no. 

Policy is properly implemented on clients. But "Disable SEPM is not grey out" any other suggestion.

"Disable SEPM is not grey out" do you mean "Disable Symantec Endpoint Protection not grayed-out".
Try by restarting the client. 

you need to close the lock symbol as per this document
follow these steps top to bottom,

Step 2: Remove the right to disable Threat detection:

1. Open the Symantec Endpoint Protection Manager.
2. Click Clients.
3. Select the group that contains the clients you want to be affected.
4. Click Policies.
5. Expand Location-specific Policies
6. Click Antivirus and Antispyware policy.
7. Click File System Auto-Protect, then lock this feature by clicking the lock symbol next to Enable File System Auto-Protect.
8. Click Internet Email Auto-Protect, then lock this feature by clicking the lock symbol next to Enable Internet Email Auto-Protect.
9. Click Microsoft Outlook Auto-Protect, then lock this feature by clicking the lock symbol next to Enable Microsoft Outlook Auto-Protect.
10. Click Lotus Notes Auto-Protect, then lock this feature by clicking the lock symbol next to Enable Lotus Notes Auto-Protect.
11. Click TruScan Proactive Threat Scans, then lock this feature by clicking the lock symbol next to Scan for trojans and worms and Scan for keyloggers.
12. Click OK.

 

NO Luck !!! even i done all the things mentioned in Step 2. Even now user is able to Disable the SEP.

Keep the Client User Interface Control Settings as Server control and try.

How could i Keep the Client User Interface Control Settings as Server Control?

But i think my Client User under Location -> Edit - > Server Control , Mixed Control. Server Control is selected.

check the policy use count of your antivirus and antispyware, make sure you have applied to all the groups, and you are indeed checking on the system which has the policy applied :)) 

Hi Rafeeq i think what user want to know is how can he prevent the user not to disable the symantec endpoint protection. Hi if  you have a (AD) active directory in your location just remove the domain admin and administrator rights of the user just leave the domain user and it will automatically grey out the disable symantec endpoint protection. But if your client or organization needs the domain admin and administrator rights there still a work around left same as my current settings open your symantec endpoint protection manager open clients policies location specific settings edit client user interface click on server control in general uncheck the display the client then applied ok.  Then after that if you want to take effect immediately run the command on group. The endpoint protection in the taskbar will not be visible. Hope this will help.

In SEPM go to  Clients -------> <the group which the client resides> ----->policies (right side)--->General settings----->Security settings Here you put some password for opening the client GUI and see whether it is getting effective..

Probably the policy might have not being recieved by the clients, because i face the same issue at a Customer's end but when i dployed the settings it didn't work but the very next morning it was applied.
Might be a delay in policy inheritance

Click on the image of the podlock to lock and unlock it not the words itself.

Go to Antivirus and Antispyware policy and select truscan proactive threat scans and in scan details, LOCK scan for keyloggers. Now it will disable user to disable SEP. In case of emergency, if administrator wants to disable protection, he needs to run command smc -stop. Make sure you start it back smc -start. ALONG WITH THESE STEPS, YOU NEED TO FOLLOW SYMANTEC STEPS IN THE LINK BELOW.

http://service1.symantec.com/support/ent-security.nsf/docid/2007110514540148?Open&seg=ent

Hi,

I'm am usingSymantec Endpoint Protection version 11.0.6005.562 , like other Administrators above I'd like to disable users ability to disable the symantec clients. So I tried the Instruction mentioned in http://service1.symantec.com/support/ent-security.nsf/docid/2007110514540148?Open&seg=ent but the problem is there is no lock option next to enable client .

its not on the client; its on the policy in the SEPM; where you will see a small lock option...

I see this in my box too. The helpdesk person says I can not disable. But the options are readily available.

Yes, for example, I opened the Antivirus and Antispyware policy> File System Auto-Protect>Scan Details. There is a tick button for "Enable System Auto-Protect" but the option to lock this button is not there that's why i cant lock it down.Unlike previous version there is a button beside with the podlock icon that you can toggle to lock or unlock the enable option.

can you post the screen shot please.

Sorry, i have the same issue, and this is happening to admins and non admins. I have tried almost everything mentioned in this thread and still unable to make the "disable symantec endpoint protection" gray out.

We the same issue as you Shajee! I wonder if there is an available update to this current version?

Tried it. Did not work.

post the screen shot...

I have applied a password so users are unable. but problem is when they right click on the systray, disabling the client protection is enabled

screenshot

find in attachment

I had this issue as well.  I did some poking around in the settings.  In SEP Manager go to Clients and select  your client group.  Click the Policies tab.  Toward the bottom of the Location-specific Policies and Settings you should see Location-specific Settings.  Expand that and click the link for Server Control.  Click the Customize button that appears next to Server Control.  Uncheck "Allow users to enable and disable Network Threat Protection".  You should be good to go.

Everybody is partially right here. :D

What the previous posts says is to lock the settings, but each suggestion is for one component only. End users can still be able to click on the "Disable.." option, but only the unlocked components will be disabled. I've previously setup for a client to allow the endusers to disable NTP but AV will still run. The client will PC has the "Disable..." option clickable but only the NTP component is stopped. Checking on task manager shows that the AV component is still up.