So the users have administrative rights on the machines (BTW: Is this an AD environment)?
With Tamper Protection enabled only parts of the configuration should be accessible without authentication. For AV these are On-demand extensions and exclusions and Right-click scanning (as these scans are explicitly requested by the users it's in their interest to have reasonable settings anyway), Authorization (as e.g. installers may sometime trigger detections and administrators should be able to bypass this) and Scans. As far as On-Access scanning goes, they should not be able to make changes (except for Authorization).
SCF is a different matter. Right now it is not covered by Tamper Protection as the consequences of totally locking in the settings have to be considered carefully. It might come (especially if there is sufficient interest - so you should perhaps submit a feature request through Support).
As an aside - Web Control settings were initially "open". I (and perhaps others) have questioned this and as far as I can see the are now also subject to TP.
So the users have administrative rights on the machines (BTW: Is this an AD environment)?
With Tamper Protection enabled only parts of the configuration should be accessible without authentication. For AV these are On-demand extensions and exclusions and Right-click scanning (as these scans are explicitly requested by the users it's in their interest to have reasonable settings anyway), Authorization (as e.g. installers may sometime trigger detections and administrators should be able to bypass this) and Scans. As far as On-Access scanning goes, they should not be able to make changes (except for Authorization).
SCF is a different matter. Right now it is not covered by Tamper Protection as the consequences of totally locking in the settings have to be considered carefully. It might come (especially if there is sufficient interest - so you should perhaps submit a feature request through Support).
As an aside - Web Control settings were initially "open". I (and perhaps others) have questioned this and as far as I can see the are now also subject to TP.
