Yes you should password protect AV, Firewall, and all other security software.
I've noticed a shift from attackers, instead of disabling/uninstalling AV completely, they turn on silent mode/gaming mode and that basically turns off the AV without raising indicators of compromise. It's hard to notice this change because you have to check the AV logs to notice, if gaming mode/silent mode is activated in some software there is no popup.
The first thing a attacker will do is try to escalate to admin, even standard user account is useless against local privesc. Then they will try and drop files and drivers to disk for persistence, then progress to take over firewall controls/settings to allow a RAT/Backdoor/RDP.
Trend Micro here is password protected but I was able to enable "Mute Mode" and it did not ask for password!