How to stop Symantec Endpoint Protection from running on Windows [Guide]

symantec_end_pointLove it or hate it, many corporates prefer the notorious Symantec or Norton security in Windows OS for one reason or the other. The problem is that this security software, more often than not, creates silly situations. For instance:

  • I cannot access to my home wireless network even though I disable it!
  • Some internet service providers require (mine does) that you close your security software to run a proper speed test. And, Symantec Endpoint Protection cannot be closed by normal means! You can disable it by right clicking on the icon in the Taskbar but disabling this stubborn software does not prevent it from working as a watchdog and as interference.
  • It may also randomly prevent your access to some trustworthy sites.

Therefore, you must kill it in order to perform your desired task. Here is how you can kill it, by using commands (this works on Windows XP/Vista/Windows 7/Windows 8):

  • Press Windows button on your keyboard and R at the same time to bring Run window.
  • Type cmd and press Enter. This will come up with a black command window equivalent to that found in Linux/OSX as terminal.
  • Type cd c:\ and press Enter. This will change the directory to the one where your security software is installed. By default, it is C (please check if the IT officer in your company has used something else).
  • Type net stop “symantec antivirus” and press Enter. When it says, “The Symantec Endpoint Protection service was stopped successfully.”, you do the following:
  • Press Windows button on your keyboard and R at the same time to bring Run window again.
  • Type smc –stop and press Enter. You have now completely closed (killed) the program. You will see that the tray icon vanishes. Now, there will be no more intervention (please do the activities with caution!).

When you need the program again, you simply bring it back by doing the following:

  • Press Windows button on your keyboard and R at the same time.
  • Type cmd and press Enter.
  • Type cd c:\ and press Enter.
  • Type net start “symantec antivirus” and press Enter. You can then activate the options you normally use like firewall.

Enjoy!

Related Posts

  • blue

    Hi,

    I am on a work laptop and it has SEP enabled. I need to run winscp and vnc to run but it keeps blocking it. How can I disable it temporarily so I can just install and then return it back?

    I tried the CMD line but the wildcard% or “symantec antivirus” is not recognized.

    Please help.

  • Alex

    Finally I uninstall the whole thing with cleanwipe……

  • jams

    I am unable to read articles online very often, but I’m glad I did today. This is very well written and your points are well-expressed. Please, don’t ever stop writing.
    google

  • Bob

    SEP may (read..”most probably”) also have the tamper protection enabled. There are mutually supporting services running that monitor for the existence of each other. When one stops (or is stopped), the other re-activates it. Since you can only kill one process at a time using the task manager GUI, you cannot permanently stop SEP.

    You may be able to use a WMI command to kill all processes using a wildcard…eg “wmic process where name like %symantec% delete /nointeractive” This will kill the process(es) without confirmation. Use with caution else you cause a BSOD or other system crash, unless you don’t really care about a crash of course.

    Do a “wmic process list brief” (or “full” if you want a very verbose output) to help ID the search string to use in the wildcard portion of the command.

    If running Win7 or above, there is a powershell version of the WMI commands for PS fanbois..but the example above should work on all Win machines since the WMI is a core function of all versions of the Win OS.

  • Alex

    I also cannot stop the symantec services in “services.msc”, FYI.

  • Alex

    Hi, when I try your method, it showed “net helpmsg 2185 service name invalid” after I type “net stop “symantec antivirus”” under c:\, in this case how can I stop the SEP?

  • Arijeet

    [@mukhi] Even the services.msc method won’t work now because as opposed to other services, you don’t get an option to start or stop Symantec Endpoint Protection in GUI.

  • mukhi

    [@Daniel] Did you try the services.msc trick as described in the comments by me (May 29, 2013)? Please read the entire post, and proceed. Hope that works. Unfortunately, I cannot get this verified as I don’t have this corporate software anymore.

  • Daniel

    Hi, The command net stop does not work for symantec endpoint protection service anymore. Does anyone know how to stop it? Thanks.

  • mukhi

    [@Ravindra] I thought the guide was okay, but I doubt it now. Anyway, if you are unable to do it despite you follow “step by step”, please PM me, and we can have a chat or remote session.

  • Ravindra

    hey, can you please guide me

  • Mukhi

    [@JT] Try that, and see what happens! :)
    I have used services.msc command to “Stop the service” “Symantec Endpoint Protection”. It disabled the software as evident from the icon in the “Task Manager” tray. But both “Smc.exe” and “SmcGui.exe” were running which meant that the software was not killed. When I brought “Windows Task Manager”, and tried to kill the processes, they got killed (Symantec icon disappeared) but…after a few seconds, the icon was back with ‘enabled symbol’. I wanted to kill the .exe again, and I got “SYMANTEC TAMPER PROTECTION ALERT”, and it did not allow me to do anything else about it. But…
    When I have used services.msc command to “Stop the service” “Symantec Endpoint Protection” and “Symantec Management Client” (you may try to stop all related to Symantec, but apparently killing these two will suffice), it worked. You can call it a GUI approach (kind of) as opposed to a CLI approach. Thanks for the heads up.
    I have not tried but I am sure it works in a similar way if you use msconfig command. From “Services” tab, one needs to uncheck “Symantec Endpoint Protection” and “Symantec Management Client”, enter OK, and restart the computer. So this method requires restart.
    For those who don’t know, you can use commands in the Run window that can be brought by pressing Windows button on your keyboard and R at the same time.

  • JT

    Just wondering, couldn’t this be done with services.msc as well, and stopping, or disabling the service from running, and or msconfig to prevent any additional components of it?

  • Mike

    [@Mukhi] Exactly on point, altho Symantec cleaned up its act a few years earlier (around 2007/2008). And FAR offers abound (a good source: Frys.com, often with free ship–you only end up paying the tax and 2 stamps for rebates).

  • Mukhi

    [@DoktorThomas] Well, starting 2009 (as far as I remember), Norton/Symantec is not that heavy anymore, and it offers pretty good protection, IMO (remember, many corporates are still using it!). If you are in US, you can get it for free (or almost free) after MIR.

  • DoktorThomas

    I thought everyone stopped using the infamous Symantec and Norton security softwares–too expensive, too bulky and too holey. EXPLORE THE OPTIONS…

  • Mukhi

    [@gjohnson] Yes, restart turns it on, too. You can also turn it on by clicking on the short-cut or going to start menu.

  • gjohnson

    Hi Mukhi,
    Helpful – thanks. Would a restart turn it on again? May be simpler if so.

  • Jim-1

    Great tip! Thanks!! I thought I was doing it OK by just right click and then disable. There is a Windows Update that refuses to install on my computer, and Symantec still running may be the culprit.

  • Mukhi

    [@Enrique] Who says I am not down there anymore? I am omnipresent at dotTech!

  • Enrique

    Woah. Mukhi, why is your name up there and not down here in the comments anymore?? Haha.

    Great stuff man! :)