When doing a fresh installation of SEP/SES client version 14.3 RU3 or later on Windows OS, you do not need to restart the client if the Application Control or Application Hardening are not removed or added.
If you are upgrading the SEP/SES client version 14.3 RU3 or later on Windows, you do not need to restart the client with the following exceptions:
SEP/SES 14.3 RU3 and later
SEP/SES Development team has been working towards rebootless upgrades of the client. We have achieved this within the product starting with SES 14.3 RU3 clients and their upgrades forward.
In situations with DLP Endpoint Agent 15.7.00333.01033 installed, as it is sharing the SymEFA with SEP/SES, the file has a blocker in place to restrict the update without reboot first.
DLP Endpoint Agent 15.8 MP2 and newer will allow SEP/SES 14.3 RU5 upgrade the SEP/SES client without needing a reboot. The SEP/SES 14.3 RU5 build should remove the blocker when it detects the appropriate DLP version installed.