Yes please develop this as we have users who have to have local admin permissions and yet we do not want them to remove DefensX from their work computer

Maybe include some sort of notification options or entries within the audit logs that show details on behavior like this occurring such as when it occurred, and by what user signed into what asset that the agent is deployed to.