From time to time, to accommodate an install or perform troubleshooting, we all need to temporarily shut down the Antivirus we are running.
Disabling System Center Endpoint Protection (SCEP), however, is not a nice affair. You can either allow ALL users to turn it off or NO users to turn it off. This means that in any real company in which standard users are locked down, Administrators cannot easily shut it down. I confirmed this with Microsoft Partner Support:
I understand that you would like to know if SCEP can be turned off by domain admins and other users couldn’t turn off SCEP. If I misunderstood anything, please let me know.
Based on my testing, I am afraid it was by design feature that we could either allow or disallow all client users to change Real Time Protection settings. As you mentioned, these settings were controlled by the Antimalware policies in SCCM console.
Can Endpoint be disabled by turning off the Service?
…I am afraid there was no such capability in SCEP that the service could be disabled according to the user roles…
…we can temporarily uninstall the SCEP for lab testing as a workaround…
To be able to disable Endpoint Protection on the fly, you have to enable that ability for ALL users:
- Start SYSTEM CENTER CONFIGURATION MANAGER
- Expand ASSETS AND COMPLIANCE > OVERVIEW > ENDPOINT PROTECTION > ANTIMALWARE POLICIES
- Right click on the policy in question and select PROPERTIES
- Click REAL-TIME PROTECTION and change ALLOW USERS ON CLIENT COMPUTERS TO CONFIGURE REAL-TIME PROTECTION SETTINGS to YES
- Click OK and wait for the policy to replicate to your PCs
If you are a Microsoft Partner, you can see the much longer version of this discussion: