Support - Platinum Support
tab end BCS Web Site divider MySupport divider Log Out navbar end
navbar end home symantec alerting service security center knowledge base navbar end
BCS Knowledge Base


Rate This Document
1x3 spacer
1x1 spacer

print this documentDocument ID:2007121007424548
Last Modified:04/07/2009

Symantec Endpoint Protection: How to remove Network Threat Protection and Email Tools through the Symantec Endpoint Protection Manager.

Situation:The Symantec firewall (Network Threat Protection) is blocking communications, and disabling it is insufficient.

Solution:If a computer, especially the server, has an unmanaged client installation of Symantec Endpoint Protection, change its installation to a managed client by using the following document:

"Manually making an unmanaged Symantec Endpoint Protection client, managed." at URL:

If there is no pre-existing firewall on the network, configure the Firewall Rules in the Endpoint Protection Manager.
    • For testing, use Rule 9:
      • Allow All, by moving it up to the top
      • Checking communications status
      • Then move it down one rule at a time
        • Applying the policy
        • Checking communications.

When communications become blocked, the rule immediately above "Allow All" will need to be configured.
      • If there is a pre-existing firewall, or if difficulties persist even when the "Allow All" rule has been promoted to the top, proceed with the below:
        • Create and apply an Install Package with only AntiVirus and AntiSpyware, in the Symantec Endpoint Protection Manager.

Part I - Create a custom feature set
  1. Select the Admin view.
  2. Click Install Packages.
  3. Select View Install Packages, click Client Install Feature Sets.
  4. Select Tasks, click Add Client Install Feature Set..
  5. Type Only AV No Email in the Name box.
  6. Uncheck all except AntiVirus and AntiSpyware at the top.
  7. Click OK.
  8. You should see "Only AntiVirus No Email" listed under "Client Install Feature Sets", default.

Part II - Assign and deploy the custom feature set
  1. Click the Clients View.
  2. Select the client group you would like to modify.
  3. Under the Install Packages tab open the "Add Client Install Package window":
    • If there is no package listed under "Package Name":
      • Select "Add a Client Install Package" from the Tasks menu
      • Ensure that the correct package WIN32BIT or WIN64BIT package displays in the Select the package to use for upgrading clients in this group: field
    • If there is already a (WIN32BIT or WIN64BIT) install package in use, double-click that package or highlight it
      • Select Edit Client Install Package under Tasks.

  4. From the "Add Client Install Package window",
  5. In the Client Features section, disable the Maintain existing client features when updating option.
  6. From the Select the features you want to use drop down list: Select Only AntiVirus No Email and click OK.
  7. Under the Clients tab, from the Tasks menu: click Run Command on Group
  8. Select Update Content.

When a managed client has received the update, it will show only the AntiVirus and AntiSpyware component in its client interface.

Note: To remove Network Threat Protection from an unmanaged Symantec Endpoint Protection client, please see the following document:

"How to uninstall/remove Network Threat Protection feature from Endpoint Protection" at URL:

References:This document is available in the following languages:

print this documentDocument ID:2007121007424548
Last Modified:04/07/2009

rate this document
Does this document answer your question?
Maybe, need to test
None of the above
Is this document well written and easy to use?
Submit specific suggestions to improve the quality of this document.

Product(s): Endpoint Protection 11
Operating Systems(s):
Date Created: 12/10/2007

  © 1995-2014 Symantec Corporation. All rights reserved. feedback | legal notices | privacy policy