Disable Symantec Endpoint Protection option is still available from tray icon, when features are locked
Symantec Endpoint Protection (SEP) still allows end-users to use the "Disable Symantec Endpoint Protection" option, when they right-click the shield icon in the system tray, although you have locked the ability to disable features, in the policies in the Symantec Endpoint Protection Manager (SEPM) console.
When you install a client with multiple protection features, the features that you have locked in the policies are not available for the end-user to disable. However, the option to "Disable Symantec Endpoint Protection" from the tray icon is still available because you have not locked all features in the policies.
When the user clicks Disable Symantec Endpoint Protection, it disables all modules that you have not locked in policy; however, it does not disable the policies which you have locked.
In the SEP user interface, in the Status area, the disabled features appear, and you can verify which features you have not yet locked.
When all features are locked, the Disable Symantec Endpoint Protection menu option is grey, and unavailable for use.
To make this option unavailable to the end-user, you must lock the ability to disable all of the feature modules of the client software, such as:
Enable Internet Email Auto-Protect
Enable Microsoft Outlook Auto-Protect
Enable Lotus Notes Auto-Protect
Enable Network Intrusion Prevention
Enable Browser Intrusion Prevention
Imported Document ID: TECH165695
Subscribing will provide email updates when this Article is updated. Login is required.