How to prevent SEP features from being disabled in the client GUI in SEP 12.1

By Livin Jose 21 Mar, 2014
To disable Virus and Spyware protection feature access on a SEP client:
The selection item to disable all Virus and Spyware protection features is available / enabled by default.
  1. Logon to the ‘SEPM’ -> ‘Policies’ ->’Virus and Spyware Protection’.
  2. Right click on the policy that you have applied to clients and select ‘EDIT’
  1. On appearing window under ‘ Protection Technology ‘ –>select  ‘Auto-Protect ‘–> put a tick mark on ‘lock Enable Auto-Protect’.

  1. Press ‘OK’ button on the policy tab.
  2. Confirm on SEP Client, the option “Disable all Virus and Spyware Protection features” is grayed out.




















Disable Proactive Threat Protection is also enabled by default
  1. Logon to the ‘SEPM’ -> ‘Policies’ ->’Virus and Spyware Protection’.
  1. Right click on the policy that you have applied to clients and select ‘EDIT’
  2. On appearing window under ‘ Protection Technology ‘ ->‘SONAR’ -> tick the check box for ‘Lock Enable SONAR’.
  1. Press ‘OK’ button on the policy tab.
  1. Confirm on client, the item “Disable all Proactive Threat Protection features” is grayed out.


Disable Network Threat Protection access on SEP client

1Go to the Specific client group > Policies > Location specific setting >
Client User Interface Control Settings: Server Control-> Task -> Edit settings 


2. It will list show you whether the clients are controlled by ‘server control’, ‘client control’, or ‘Mixed control‘ (You will not be edit the settings of the group if those clients are under ‘Client control’).
3. Now click on ‘customize’ button and Uncheck ‘Allow the following users to enable and disable firewall’. click ‘OK’.






















Disable Symantec Endpoint Protection feature is also enabled by default
  1. Go to ‘Specific group’ -> ‘Policies’ -> ‘Location-specific Settings’ -> Client User Interface Control Settings -> Tasks ->Edit settings-> Server Control >Customize >Uncheck the following two options.
i) Allow the following user to enable and disable the firewall.
ii) Allow user to enable and disable application and device control policy.
  1. Click ‘OK‘.