With Symantec Endpoint Protection (SEP) 14, the option 'disable Symantec Endpoint Protection' on Clients is automatically available.

14.x verisons.

Generic Exploit Mitigation is introduced in intrusion prevention, there is a lock symbol next to Enable Generic Exploit Mitigation, which is default unlocked as below:

Follow the instructions in the links below to block the user's ability to disable SEP:

How to block a user's ability to disable Symantec Endpoint Protection on Clients

Click the lock symbol next to Enable Generic Exploit Mitigation to lock this feature as below:

For 14.2 versions, follow the steps below to lock Memory Exploit Mitigation (Aka GEM).

• Login into Symantec Endpoint Protection Manager console
• Click on Policies tab > Memory Exploit Mitigation below of Liveupdate policies
• Right-click on MEM policies and then click edit to change the settings and lock the feature.

Repeat the steps above for each MEM policy assigned for the SEPM groups and locations.

After the policy updated to SEP clients, then 'disable Symantec Endpoint Protection' option on clients will become unavailable and turns gray as below: