How to stop Symantec Endpoint Protection from running on Windows [Guide]

symantec_end_pointLove it or hate it, many corporates prefer the notorious Symantec or Norton security in Windows OS for one reason or the other. The problem is that this security software, more often than not, creates silly situations. For instance:

  • I cannot access to my home wireless network even though I disable it!
  • Some internet service providers require (mine does) that you close your security software to run a proper speed test. And, Symantec Endpoint Protection cannot be closed by normal means! You can disable it by right clicking on the icon in the Taskbar but disabling this stubborn software does not prevent it from working as a watchdog and as interference.
  • It may also randomly prevent your access to some trustworthy sites.

Therefore, you must kill it in order to perform your desired task. Here is how you can kill it, by using commands (this works on Windows XP/Vista/Windows 7/Windows 8):

  • Press Windows button on your keyboard and R at the same time to bring Run window.
  • Type cmd and press Enter. This will come up with a black command window equivalent to that found in Linux/OSX as terminal.
  • Type cd c:\ and press Enter. This will change the directory to the one where your security software is installed. By default, it is C (please check if the IT officer in your company has used something else).
  • Type net stop “symantec antivirus” and press Enter. When it says, “The Symantec Endpoint Protection service was stopped successfully.”, you do the following:
  • Press Windows button on your keyboard and R at the same time to bring Run window again.
  • Type smc –stop and press Enter. You have now completely closed (killed) the program. You will see that the tray icon vanishes. Now, there will be no more intervention (please do the activities with caution!).

When you need the program again, you simply bring it back by doing the following:

  • Press Windows button on your keyboard and R at the same time.
  • Type cmd and press Enter.
  • Type cd c:\ and press Enter.
  • Type net start “symantec antivirus” and press Enter. You can then activate the options you normally use like firewall.


Share this post


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>


  1. Bob

    SEP may (read..”most probably”) also have the tamper protection enabled. There are mutually supporting services running that monitor for the existence of each other. When one stops (or is stopped), the other re-activates it. Since you can only kill one process at a time using the task manager GUI, you cannot permanently stop SEP.

    You may be able to use a WMI command to kill all processes using a wildcard…eg “wmic process where name like %symantec% delete /nointeractive” This will kill the process(es) without confirmation. Use with caution else you cause a BSOD or other system crash, unless you don’t really care about a crash of course.

    Do a “wmic process list brief” (or “full” if you want a very verbose output) to help ID the search string to use in the wildcard portion of the command.

    If running Win7 or above, there is a powershell version of the WMI commands for PS fanbois..but the example above should work on all Win machines since the WMI is a core function of all versions of the Win OS.

  2. mukhi

    [@Daniel] Did you try the services.msc trick as described in the comments by me (May 29, 2013)? Please read the entire post, and proceed. Hope that works. Unfortunately, I cannot get this verified as I don’t have this corporate software anymore.

  3. Mukhi

    [@JT] Try that, and see what happens! :)
    I have used services.msc command to “Stop the service” “Symantec Endpoint Protection”. It disabled the software as evident from the icon in the “Task Manager” tray. But both “Smc.exe” and “SmcGui.exe” were running which meant that the software was not killed. When I brought “Windows Task Manager”, and tried to kill the processes, they got killed (Symantec icon disappeared) but…after a few seconds, the icon was back with ‘enabled symbol’. I wanted to kill the .exe again, and I got “SYMANTEC TAMPER PROTECTION ALERT”, and it did not allow me to do anything else about it. But…
    When I have used services.msc command to “Stop the service” “Symantec Endpoint Protection” and “Symantec Management Client” (you may try to stop all related to Symantec, but apparently killing these two will suffice), it worked. You can call it a GUI approach (kind of) as opposed to a CLI approach. Thanks for the heads up.
    I have not tried but I am sure it works in a similar way if you use msconfig command. From “Services” tab, one needs to uncheck “Symantec Endpoint Protection” and “Symantec Management Client”, enter OK, and restart the computer. So this method requires restart.
    For those who don’t know, you can use commands in the Run window that can be brought by pressing Windows button on your keyboard and R at the same time.

  4. JT

    Just wondering, couldn’t this be done with services.msc as well, and stopping, or disabling the service from running, and or msconfig to prevent any additional components of it?

  5. Mike

    [@Mukhi] Exactly on point, altho Symantec cleaned up its act a few years earlier (around 2007/2008). And FAR offers abound (a good source:, often with free ship–you only end up paying the tax and 2 stamps for rebates).

  6. Mukhi

    [@DoktorThomas] Well, starting 2009 (as far as I remember), Norton/Symantec is not that heavy anymore, and it offers pretty good protection, IMO (remember, many corporates are still using it!). If you are in US, you can get it for free (or almost free) after MIR.

  7. Jim-1

    Great tip! Thanks!! I thought I was doing it OK by just right click and then disable. There is a Windows Update that refuses to install on my computer, and Symantec still running may be the culprit.