When attempting to access the Symantec Endpoint Protection Manager through the local console, remote Java console, or using a web browser, you are presented with "blocked content" errors from Internet Explorer Enhanced Security. You are unable to click the "Add" button to add the site to your Trusted sites zone. The "Add" button is not available, or you receive an error.

Endpoint Protection clients cannot download content from Manager.

"Access to this feature has been disabled by a restriction set by your system administrator" when attempting to edit Internet Properties > Security.

A combination of Internet Explorer Enhanced Security and Security Zone GPOs is blocking web access to Symantec Endpoint Protection Manager.

You must disable Internet Explorer Enhanced Security or add the URLs for the Symantec Endpoint Protection Manager to your Trusted Sites zone.

Or, URLs for the Endpoint Protection Manager may have been added to Restricted Sites. In this case, the solution is to remove these URLs from the Restricted Sites list.

Domain Policy may also need to be adjusted before you can change Internet Options > Security. For example, adding URLs to your Trusted sites zone may be prohibited by Domain Policy under Computer Configuration > Administrative Templates > Windows Components > Internet Explorer:

Security Zones: Use only machine settings
Security Zones: Do not allow users to change policies
Security Zones: Do not allow users to add/delete sites

Be aware also of the following issue that affects Internet Explorer 7:

You cannot add a Web site to the "Trusted sites" zone when Internet Explorer 7 is installed, even when the user account belongs to the Administrators group