It is noticed that the Symantec Network Access Control (SNAC) Service is running on Symantec Endpoint Protection Clients when network access control is not being used. Because there are no SNAC or Host Integrity (HI) policies being used, it is confusing as to why the SNAC service is running.
This is by design. The SNAC service and components are automatically installed on every SEP client, so that the client is ready to accept any SNAC or HI policies that may be used at a later date (for instance, if the SNAC capability is added to the SEP Manager in the future).
Also, there are key security components on the SEP client that always use the SNAC service, even when the SNAC components are not installed on the manager.
SNAC is installed by default and you cannot remove it. If we are not using Host Integrity/SNAC by default, its Stopped and in Manual state.
If the service is attempted to be removed or stopped, the automatic repair features of Symantec Endpoint Protection will reinstall.
Imported Document ID: TECH158481
Subscribing will provide email updates when this Article is updated. Login is required.