
close
close
Tamper Protection for Microsoft Defender, the antimalware software that is built-in to Windows 10, first appeared in the Windows 10 May 2019 Update (19H1). It is designed to prevent users and malicious software from modifying registry-based settings for Defender that could make a system vulnerable to attack. You may have noticed that Tamper Protection wasn’t enabled by default in Windows 10 19H1. But that is due to change over the coming weeks as Microsoft looks to enable the setting out-of-the-box. According to a report by ZDNet’s Catalin Cimpanu, Microsoft says that starting October 14th, Tamper Protection will be enabled by default for all users in the coming weeks in a multistage rollout.
advertisment
When Microsoft Defender or Defender ATP Tamper Protection is enabled, malicious software and users won’t be able to change the following features via the registry, Group Policy, or using PowerShell:
What’s interesting about Tamper Protection is that when enabled, protected Defender features can’t be changed using Intune, System Center Configuration Manager, and Windows Management Instrumentation. Any requests to change settings will be ignored. And there won’t be any Group Policy setting allowing enterprises to enable Tamper Protection across devices. Again, according to ZDNet’s report, Microsoft says:
“When an administrator enables the policy in Microsoft Intune, the tamper protection policy is digitally signed in the backend before it’s sent to endpoints. The endpoint verifies the validity and intent, establishing that it is a signed package that only security operations personnel with Microsoft Intune admin rights can control.”
So, Tamper Protection can only be turned on/off centrally on devices managed by Microsoft Intune and where Microsoft Defender Advanced Threat Protection (ATP) E5 is deployed. Enterprises using Microsoft Defender ATP will see an alert if the status of Tamper Protection changes on a device. In addition to the requirements already mentioned for Tamper Protection, there are some more requirements if you want to manage Tamper Protection using Intune:
advertisment
Users wanting to manually enable Tamper Protection can do so using the Windows Security app in Windows 10.
Microsoft Defender Tamper Protection Now Generally Available
As I wrote recently on Petri, Microsoft has been investing heavily in security over the past several years and it appears to be paying off. And because Defender is also used as the basis for Defender ATP, which is an enterprise-class solution, it needs to be more than just ‘good enough’.
Defender won an AV-Test award in the home user category for Windows 10 malware protection for products tested in May and June 2019. Microsoft Defender came joint top with Symantec Norton Security, Kaspersky Internet Security, and F-Secure SAFE; closely followed by McAfee Internet Security Trend Micro Internet Security. Adding Tamper Protection by default only helps to increase the product’s already effective protection.
More from Russell Smith
advertisment
Petri Newsletters
Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.
advertisment
More in Windows 10
IT Admins Report Issues With Microsoft Store Version of Quick Assist App
May 16, 2022 | Rabia Noureen
This Week in IT - Windows 10 Gets Search Highlights and Is Microsoft in Hot Water Over Windows Cloud Pricing?
Apr 15, 2022 | Russell Smith
Most popular on petri
Log in to save content to your profile.
Article saved!
Access saved content from your profile page. View Saved
Join The Conversation
Create a free account today to participate in forum conversations, comment on posts and more.
Copyright ©2019 BWW Media Group