The goal is a DCS or CSP IPS policy with only Self Protection active and everything else disabled, so that the agent cannot be removed or disabled while it is used only for IDS
Use the targeted prevention policy below for Windows or Unix agents:
sym_win_targeted_prevention_sbp
or
sym_unix_targeted_prevention_sbp
In the Java console, edit the policy you want to use so that only Self Protection is active
Click on Sandboxes
Then click Edit on Default PSET Options [Default_ps]
Make sure the box is checked to Enable SDCSS Self Protection
You can uncheck all the boxes under File Rules and Process Access controls to disable any IPS block rules
Click on the Home tab on the upper left
On the main screen for the policy, click Global Policy Options and check for any rules that are active and set to block; uncheck them to disable them
Once you have checked the Global Policy Options, go back to the main page to edit the policy and click on File Rules
Make sure none of the rules that are set to block access are checked
Now you can save the policy and apply it; this works on both Windows targeted prevention policies and Unix targeted prevention policies
Please make sure to test the policy before applying it to production, to verify that the policy is working as intended