On the assumption that you've had admin rights removed from you (thereby you are now unable to turn off realtime protection without calling someone else who'd be expected to be inflexible, to request it):
Also, on the assumption that you've got your Windows installation discs (and your VT suite discs depending on how you implement the split):
So you could install Windows again in a different directory to C:\Windows and select which one it is at boot time.
The VT suite isn't completely wrapped around the registry for the large part of the entirely NewTek written elements. The main benefit being to drop the right bits on your desktop or into Programs/Program Files/All Programs. Personally, I'd also re-install the VT suite on the 2nd instance - but you needn't if you couldn't.
So what remains to be solved to satisy I.T. ?
Well, I'd give the machine limited visibility on the realtime tuned version. For this you might need to gather some information and adjust the Internet Protocol filters on the machine.
1. Remove your default-gateway and move to a static IP configuration.
2. Add a manual DNS
(the above may need to be gleaned from what you receive via DHCP (ipconfig /all from cmd.exe should be useful here. You need your IP, your DNS, your gateway).
You'll need routes now.
route add dns1-ip(w.x.y.z) gateway-ip(a.b.c.d) -p
route add streaming-host-ip gateway-ip(a.b.c.d) -p
You could still receive spurrious packets from anywhere on your intranet and you could still engage in a networking dialog with anyone in your same IP subnet. For which you could adjust the basic windows packet filter. If you use TCP80 or a specific UDP port for streaming then you can block everything else except UDP/TCP port 53 (DNS-lookup). The packet filter always is running anyway (no change) and dropping packets is usually low in overheads compared to other protection mechanisms.
If you can't fathom IP filters you could make your IP mask 255.255.255.252 and add a route to your gateway-ip via your (now static) IP address. This mask would extend the risk of another PC at your facility infecting you or vice versa to just just the three adjacent IP addresses in this pseudo subnet.
Windows updates would be a problem but you might be able to get the latest patch version of your Windows OS from your IT department.
-------------------------------
It is probably a dismissable offence to not clear this with the powers that be. Now, I've faced many IP security problems that have become completely moot when I've simply mentioned that I was using X.25 (even without encryption on the line). So you might be missing another trick here! It maybe that you could go completely off the ethernet at your facility and instead have the facilities people there rent and convert your VT-output to a DVB-ASI leased line access into their point of presence (often an end-point in an MPLS network cloud) that doesn't use IP at all. Then have the rebroadcaster ingest that. You may need a DS3(colloquially, T3) or OC3-c or higher speed line depending on the rebroadcasters DVB requirements. Your end may already have the capacity to add such a port/channel onto something already at your site, so a keen price maybe possible at your end of things. It would likely restrict you to a smaller number of Internet rebroadcasters.
(Or you could in the same 'separacy' vein, use Todocast but you'd probably have to hand over the protection side of things to your IT department as the Internet Protocol is probably the nature of the beast with that also).
This needn't be about being devious, rather you'll be working towards a risk free harmony with other office automation technologies. It can just seem that way when you've been brow beaten before you pick yourself up to try to work with these security responsible individuals.