Most anti-virus solutions provide tamper protection mechanisms to prevent the users from disabling the Forefront Client Security software on their machines. Forefront Client Security only provides basic control over what the user can do with the FCS client console.
In order to further increase the tamper-protection measures, users should be prevented from stopping the FCS service or uninstalling the software from the machines.
Both of the above can be achieved by not providing administrative privileges to the users, but there are instances where the users may need to be local administrators on their machines. Under such circumstances, the following can be done:
This can also be done using Group Policy.
Both of these steps are described in detail over at the Security Wizard blog.