I imagine you could get persistence with a script by changing some User space autorun registry entry to launch the scripted file. But this will first load the scripting program, which would make it quite "non-stealth". Unless the program can be launched with command line switches that "stealth" it (which would be a major security flaw imo). So I would say that anti-executables protect against "not completely obvious persistence". By rights management, rather than UAC (which I assume as a bare minimum these days), there would be further privilege restriction eg firewall, Chrome's tabs, firewall, Sandboxie, DefenseWall. I used to include anti keylogging in there, but not since I learned how useless these are (i.e. see here).