The Endpoint Security Client is protected from being intentionally or unintentionally uninstalled, shut down, disabled, or tampered with in any way that would expose sensitive data to unauthorized users. Each measure protects the client against a specific vulnerability:
Normal uninstall is not allowed without an installation password (if implemented, see the ZENworks Endpoint Security Management Installation Guide), or an uninstall MSI is pushed down by the administrator.
Windows Task Manager requests to terminate STEngine.exe and STUser.exe processes are disallowed.
Service Pause/Stop and client uninstall is controlled by password, defined in the policy,
Critical files and registry entries are protected and monitored. If an invalid change is made to any of the keys or values, the registry is immediately changed back to valid values.
NDIS filter driver binding protection is enabled. If the NDIS driver is not bound to each adapter, STEngine rebinds the NDIS filter driver.