Hi,
1. I have disabled the option for even administrators to disable the NTP component. This prevents us from disabling the firewall component. However, customer has a requirement to generate an automatic alert when it is disabled. I wanted to explore other possibilities. Does SEP forward the computer status information when we configure external logging?
--> Try by configuring Security event notification alert.
Go to SEPM --> Monitors --> Notifications --> Notification Conditions --> Click on 'Add' --> Select "Client Security Alert --> Under What settings would you like for this notification select 'Network Threat Protection Events'
2. Yes, I have the client password protection enabled and it does not prevent me from un-installing when running a cleanwipe with admin rights. Can we do anything to prevent this?
--> Cleanwipe is a last resort to remove the SEP client. Ideally Cleanwipe tool should be available only with admin users.