Question/Issue:
How to prevent users from disabling Symantec Endpoint Protection by right-clicking on the client system tray icon and selecting "Disable Symantec Endpoint Protection"?
Solution:
To prevent users from disabling Symantec Endpoint Protection on their client:
Step 1: Remove the right to disable Network Threat Protection:
- Open the Symantec Endpoint Protection Manager.
- Click Clients.
- Select the group that contains the clients you want to be affected.
- Click Policies.
- Expand Location-specific Settings.
- Click Tasks to the right of "Client User Interface Control Settings", then click Edit Settings.
- Select Server control or Mixed control if it is not already set to one of these.
- Click Customize.
- If Server control is enabled this will open the Client User Interface Settings dialog.
- If Mixed control is enabled this will open the Client User Interface Mixed Control Settings dialog.
- Uncheck Allow users to enable and disable Network Threat Protection.
- Click OK> OK.
Step 2: Remove the right to disable Threat detection:
- Open the Symantec Endpoint Protection Manager.
- Click Clients.
- Select the group that contains the clients you want to be affected.
- Click Policies.
- Expand Location-specific Policies
- Click Antivirus and Antispyware policy.
- Click File System Auto-Protect, then lock this feature by clicking the lock symbol next to Enable File System Auto-Protect.
- Click Internet Email Auto-Protect, then lock this feature by clicking the lock symbol next to Enable Internet Email Auto-Protect.
- Click Microsoft Outlook Auto-Protect, then lock this feature by clicking the lock symbol next to Enable Microsoft Outlook Auto-Protect.
- Click Lotus Notes Auto-Protect, then lock this feature by clicking the lock symbol next to Enable Lotus Notes Auto-Protect.
- Click TruScan Proactive Threat Scans, then lock this feature by clicking the lock symbol next to Scan for trojans and worms and Scan for keyloggers.
- Click OK.
Step 3: Force clients to update policy:
This step is not necessary as clients will receive the policy during their normal heartbeat, however, you may be able to speed up the process by performing the following:
From the Symantec Endpoint Protection Manager:
- Open the Symantec Endpoint Protection Manager.
- Click Clients.
- Select the group that contains the clients you want to be affected.
- Right-click on that group.
- Arrow over Run Command on Group.
- Click Update Content.
- Click Yes> OK
The client will receive a prompt to heartbeat and update its policy. Once the policy has been updated the option to Disable Symantec Endpoint Protection will be grayed-out when users right-click the Symantec Endpoint Protection system tray icon.
On the client:
- Right-click the Symantec Endpoint Protection system tray icon.
- Click Update Policy. The client will request the new policy from the manager
Once the policy has been updated the option to Disable Symantec Endpoint Protection will be grayed-out..
Thank you for sharing your blog. To find out more, visit our website.
ReplyDelete123.hp.com || 123.hp.com/setup || 123HP Setup || hp.com/setup || hp.com/123 || 123.hp.com setup || 123 HP Printer Setup || 123 HP Printer Support || 123 HP Setup and Install || 123hpcom || 123 HP Printer Install || 123hpcomsetup || 123 HP Wireless Setup || 123 HP Install || hpcom/123 || 123hpcominstall || 123HP Setup || 123 HP Smart App || Install 123 HP Printer || HP 123 Setup Scanner