The local protect and protect_update accounts can have the password changed through services manangement on Windows. As long as you update the service credentials everything will run as expected. The DLP software itself does not know the password and does not care what the password is. What I typically do is open notepad nad type in random giberish and put it in as the password.