From the point of view of administrator it is sometimes necessary to deprive some endpoints of their protection. For example if a worker in your company gest fired or if you are MSP and your client doesn't pay you want to deactivate his endpoint. After deactivating WSA of course becomes uninstalled but all you have to do is reinstall it from an executive used before. If you installed WSA by sending it via email template your user will still have this exe file and can use it. I just did it on my PC and WSA although my endpoint is deactivated works fine after reinstalling it. Is it possible to implement a feature that wouldn't allow deactivated endpoint to be protected?