@ProfessorGumby @GossiTheDog What is the operational risk of a compromised arrivals kiosk?
If an unauthorized user can gain critical access to your systems via your arrivals kiosk, your problem isn't going to be fixed by running a kernel level endpoint protection service.
@tob @GossiTheDog if a malicious actor sets up camp on an unprotected endpoint, they can use that as a base of operations inside your enclave completely out of your visibility. From there they can do reconnaissance, data collection, exfiltration, etc. They can't do that from an appropriately protected endpoint.