1E Client installer can perform arbitrary file deletion on protected files.
A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. A hotfix is available Q23092 that forces the 1E Client to check for a symbolic link or junction and if it finds one refuses to use that path and instead creates a path involving a random GUID.
建议您更新当前系统或软件至最新版,完成漏洞的修复。