Ntrproxy.exe is used with Web Traffic Redirection (WTR), Network Traffic Redirection (NTR), or Web and Cloud Access Protection (WCAP) and its observed changing registry key values even when not in use.  

14.2 MP1+

If Web Traffic Redirection, Network Traffic Redirection, or Web and Cloud Access Protection was ever enabled and/or configured previously within the environment and later disabled, Endpoint Protection will apply these changes in the client for future use.  

This is by design. 

Workaround:  
For 14.3 RU1 MP1 and earlier: 
Upgrade to 14.3 RU2 or later and apply the workaround below


For 14.3 RU2 and later: 
a. Open the Endpoint Protection Manager and click the Policies Tab.
1) In SEPM, go the WCAP policy
2) Enable Web and Cloud Access Protection (WCAP)
3) Select "Tunnel" for the redirection method, next click OK
4) Disable WCAP
5) Save policy

b. Withdraw the Web Traffic Redirection (WTR), Network Traffic Redirection (NTR), or Web and Cloud Access Protection (WCAP) policy from the group

Next verify that RedirectionMethod is set to "FULL" within the Endpoint Protection client exported policy.xml file. 

ESCRT-7454 / Case # 32760465