If you are using Forefronturing  Client Security you know that it is not big in the corporate configuration department, much can however be done using GPO’s and general AD management..  Yes I also prefer having these options in a management console, but atlas it is still possible..

Read this article to get the low down.
Every Anti-Virus has a mechanism called tamper protection that helps administrator keep users from mishandling there antivirus settings and services. Forefront Client Security only offers basic control over what the user can or cannot do with the FCS Client Console on his client machine. What the FCS System doesn’t provide is a built-in mechanism to protect FCS services from being stopped or prevent FCS from being removed by the user.

It’s true that some of these are possible to prevent by not giving administrative privileges on the client workstation, but some of us don’t have that luxury.

Windows Group Policy has built-in settings that allow you both protect your services and disable removal by unauthorized users. This is how it’s done.

Protecting Forefront Client Security Services

http://blogs.microsoft.co.il/blogs/yanivf/archive/2009/01/09/temper-protection-in-forefront-client-security.aspx