Thank you for the information.
The claim from the client's Windows admin is.. well.. that's it.. his claim. Of course, I am not buying just of his word. That's why the client brought in my company to do the external pen-test from outside perspective.
About the HDD encryption, basically this is what I see (using the test laptop I have)
1) COLD BOOT (machine off)
a. Turn on laptop
b. No BIOS is presented, only PointSec login screen
c. Enter PointSec username and password
d. Boot immediately to Windows. They use SSO in PointSec, so no need to enter Windows username and password for a second time.
2) FROM SLEEP or RESTART
In this manner, then I can see the BIOS prompt to force the laptop to boot to CD. However, the HDD is still encrypted.
I have removed the HDD, put it in an USB enclosure, and tried to access it from another computer, but the HDD is still encrypted. In Windows, it will show up as unformatted HDD, in Mac, it'll show up as "NTFS Compressed" but cannot be mounted. In BT, it just won't recognized. So this was my original thinking that BT cannot be used for direct pen-test with an encrypted HDD.
About the AV, Firewall and Spyware, yes, outbound communication is allowed. I have tested several connection, such as HTTP, HTTPS, telnet, ssh and FTP and they all work.
The McAffee processes cannot be disabledů. so far. I tried from command line and task manager, even from Windows Services and no go. I'll research more on McAfee (disabling services, etc.)
In term of patching, they're pretty good. They use Altiris to manage application and OS patches. They actually disable non-essential software, such as Adobe PDF and Flash. Even running Windows Defragmenter is not allowed under normal Windows user account.