Client Self Defense protects the Endpoint Security Agent from being shut down, disabled, or tampered with in any way. If a user performs any of the following activities, the device is automatically rebooted to restore the correct system configuration:
Using Windows Task Manager to terminate any Endpoint Security Agent processes.
Stopping or pausing any Endpoint Security Agent services.
Removing critical files and registry entries. If a change is made to any registry keys or values associated with the Endpoint Security Agent, the registry keys or values are immediately reset.
Disabling NDIS filter driver binding to adapters.
Client Self Defense is enabled or disabled through the Security Settings policy. By default, the Endpoint Security Agent is configured to use the policy setting. However, the Endpoint Security Agent also provides a local setting that you can use to enable or disable Client Self Defense. This local setting enables you to override the policy setting or enable/disable Client Self Defense if no Security Settings policy is assigned.