The Endpoint Security Agent includes self-defense functionality that can prevent it from being shut down, disabled, or tampered with in any way. If a user performs any of the following activities, the device is automatically rebooted to restore the correct system configuration:
Using Windows Task Manager to terminate any Endpoint Security Agent processes.
Stopping or pausing any Endpoint Security Agent services.
Removing critical files and registry entries. If a change is made to any registry keys or values associated with the Endpoint Security Agent, the registry keys or values are immediately reset.
Disabling NDIS filter driver binding to adapters.
By default, agent self defense is not enabled. The following sections provide instructions for enabling and disabling agent self defense: