When attempting to access the Symantec Endpoint Protection Manager through the local console, remote Java console, or using a web browser, you are presented with "blocked content" errors from Internet Explorer Enhanced Security. You are unable to click the "Add" button to add the site to your Trusted sites zone. The "Add" button is not available, or you receive an error.
Endpoint Protection clients cannot download content from Manager.
"Access to this feature has been disabled by a restriction set by your system administrator" when attempting to edit Internet Properties > Security.
A combination of Internet Explorer Enhanced Security and Security Zone GPOs is blocking web access to Symantec Endpoint Protection Manager.
You must disable Internet Explorer Enhanced Security or add the URLs for the Symantec Endpoint Protection Manager to your Trusted sites zone.
Or, URLs for the Endpoint Protection Manager may have been added to Restricted Sites. The solution in this case is to remove these URLs from the Restricted Sites list.
Domain Policy may also need to be adjusted before you can make changes to Internet Options > Security. For example, adding URLs to your Trusted sites zone may be prohibited by Domain Policy, under Computer Configuration > Administrative Templates > Windows Components > Internet Explorer:
Security Zones: Use only machine settings Security Zones: Do not allow users to change policies Security Zones: Do not allow users to add/delete sites
Be aware also of the following issue that affects Internet Explorer 7 on Windows XP, Vista, or Server 2003: