If PM enabled with config and license, anti-tamper protection will protect the service an config files. If PM enabled the builtin\Administrator A can not enter the path C:\ProgramData\Avecto, cause their are a policy for this Admin A.
If this Admin A start from another client an SMB Request to the first client with this URL \\"computername"\c$\ProgramData\Avecto the access will allowed. The anti-tamper will not protect this folder trough remote smb access.
Please extend anti-tamper to protect PM.