Data Loss Prevention


 DLP Agent Tamper Protection

JoshBe posted Jan 12, 2021 07:39 PM
Hello,
I'm looking for more information than what I can find in the documentation on how the endpoint agent (currently on version 15.5 MP2) protects against tampering by the end user. We have a situation where some users with admin privileges have stopped both the EDP and WDP processes, and they changed them from automatic to manual startup. Is there supposed to be any protection that would stop an admin user from doing this? In this situation, would these processes remain off even after a system reboot? If they get started again, how does that happen; e.g., are there registry values that change the startup type of the services, etc.? Thank you for any help.