Password protection settings have been configured in the Symantec Endpoint Protection Manager (SEPM) prior to upgrade to 14 RU1 version. Post upgrade of the client to 14 RU1, it is observed that the password protection settings are not honored on the client.
Symantec Endpoint Protection (SEP) 14 RU1 or 14 RU1 MP1
PBKDF2 is a password strengthening algorithm and it was implemented in SEP 14.0 RU1. In SEP 14.0 RU1 MP1, SEP client checks the existence of "AdminPassword" and "AdminPasswordPBKDF2" element to verify whether the password is set for any options. First, it checks for "AdminPassword" and later for "AdminPasswordPBKDF2" element.
After migrating SEPM 14.0 MP2 to SEPM 14.0 RU1 MP1, by default profile.xml does not contain the "AdminPasswordPBKDF2" element. If AdminPasswordPBKDF2" is missing then client assumes that password is not set for any option. As a result, SEP client does not prompt for a password.