Hi,
1, You can protect the installation in two ways:
-use ARPSYSTEMCOMPONENT="1" parameter in the msiexec install script, this will hide the agent from Add/Remove Progams in Control Panel
-use the UNINSTALLPASSWORDKEY="" parameter in the msiexec script as well, which will allow uninstallation only when the proper password is provided
Please find details in the DLP Admin Guide v11.1 on p. 1181.
2, You can export a policy into an XML file by clicking the Export policy link, at the bottom of the policy edit screen. It is possible to import this file when creating a new policy, see details in Admin Guide on p. 401.
Good Luck,
Barnabas