greetings
if you right click on the the symantec endpoint protection (client) you will find Disable symantec endpoint protection (although) you have a paasword protecting the software the users can easily disable the client without providing any password and if you go throught the documnet to disable or dimm it you will also dimm all the disable feature even if you provide a password and opened the software. in simple words wither to dimm all the Disabled features from you as an admin and from the client or to enable all the Disabled items and you as admin and the client can do it
so please in the future versions of this try to either to put a specific control from SEP manager regarding the (Disable symantec endpoint protection) or you can simply put it inside the software after you enter the password to open it.
note: i've already opened a case with you and the enginners tell me it is not possible to achieve this
regards
Hossam