The Windows 10 May 2019 Update brings a new Tamper Protection feature to Windows Security, also known as the Windows Defender antivirus tool. Tamper Protection is disabled by default, and Windows Security says “your device is vulnerable” unless you enable it.
What is Tamper Protection on Windows 10?
According to Microsoft, Tamper Protection helps prevent malicious applications from changing important Windows Defender Antivirus settings, including real-time protection and cloud-delivered protection. In other words, malware running on a computer will find it much harder to disable real-time antivirus protection and other features.
You can still manually configure the settings through the Windows Security app. In fact, when you activate Tamper Protection you won’t see any difference, which is why Microsoft recommends activating it.
One thing to note is that Tamper Protection only applies to Windows Security settings. If you use third-party antivirus software, Tamper Protection will not protect that software's settings. Some third-party antivirus programs have a similar feature built in to protect their own settings.
Protected settings include real-time protection, cloud-based protection, IOfficeAntivirus (IOAV), behavior monitoring, and removal of security updates. Applications cannot adjust these settings through mobile device management or other enterprise solutions, command-line options, Group Policy, the Windows registry, or other methods.
How to enable Tamper Protection in Windows 10
Turn on Tamper Protection via Windows Security
This setting is available in the Windows Security app. To open it, search for Windows Security on the Start menu and click the Windows Security shortcut, double-click the Windows Security shield icon in the notification area (system tray), or go to Settings > Update & Security > Windows Security > Open Windows Security.
When you see the prompt to turn on Tamper Protection, simply click Turn On to turn it on. If you don’t see the prompt, click on the Virus & threat protection icon with a shield image.
Click the Manage Settings link under Virus & threat protection settings.
Locate the Tamper Protection setting and click the switch to change it from Off to On. If you want to disable Tamper Protection, you can also do that from here.
Turn on Tamper protection by editing the registry
This setting can also be activated through the registry. It is under the following key:
Here, TamperProtection is a DWORD value. Set it to 0 to disable Tamper Protection or 1 to enable Tamper Protection.
We recommend that you enable this option on all of your Windows 10 computers.
Turn Tamper protection on for organizations using Intune
If you’re using Intune, i.e. the Microsoft 365 Device Management Portal, you can use it to enable Tamper Protection. In addition to having the appropriate permissions, you need to meet the following:
If you are a member of your organization’s security group, you can enable (or disable) Tamper Protection for your organization in the Microsoft 365 Device Management Portal (Intune), assuming your organization has Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP):
- Your organization must have Microsoft Defender ATP E5, managed by Intune and running Windows OS 1903 or higher.
- Windows Security must have security info updated to version 1.287.60.0 (or higher).
- Your machine must be running anti-malware platform version 4.18.1906.3 (or higher) and anti-malware engine version 1.1.15500.X (or higher).
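To check a machine against the version requirements listed above before assigning the Intune profile, a script along these lines can be run in PowerShell. It is an added example, not Microsoft's code; it relies on the Get-MpComputerStatus cmdlet from the Defender module and assumes that OS build 18362 corresponds to Windows 10 version 1903.

```powershell
# Added example: compare this machine's Defender versions with the minimums
# quoted in the list above and report the current Tamper Protection state.

$minimums = [ordered]@{
    AntivirusSignatureVersion = [version]'1.287.60.0'   # security info version
    AMProductVersion          = [version]'4.18.1906.3'  # anti-malware platform
    AMEngineVersion           = [version]'1.1.15500.0'  # anti-malware engine (1.1.15500.X)
}

$status = Get-MpComputerStatus

$report = @(foreach ($name in $minimums.Keys) {
    # TryParse avoids a terminating error if a field is empty on this machine.
    $actual = $null
    $parsed = [version]::TryParse([string]$status.$name, [ref]$actual)
    [pscustomobject]@{
        Check    = $name
        Required = $minimums[$name]
        Actual   = $actual
        Pass     = $parsed -and ($actual -ge $minimums[$name])
    }
})

# Assumption: Windows 10 version 1903 is OS build 18362.
$build = [int](Get-CimInstance Win32_OperatingSystem).BuildNumber
$report += [pscustomobject]@{
    Check    = 'OSBuild'
    Required = 18362
    Actual   = $build
    Pass     = $build -ge 18362
}

# IsTamperProtected shows whether Tamper Protection is currently in effect.
$report += [pscustomobject]@{
    Check    = 'IsTamperProtected'
    Required = $true
    Actual   = $status.IsTamperProtected
    Pass     = [bool]$status.IsTamperProtected
}

$report | Format-Table -AutoSize

# Non-zero exit code so a management tool can flag machines that fail a check.
if ($report.Pass -contains $false) { exit 1 }
```

Before the profile is assigned, the IsTamperProtected row is expected to fail on machines where the feature is still off; the three version rows and the OS build row are the prerequisites.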
Now follow these steps to enable Tamper Protection:
1. Go to the Microsoft 365 Device Management Portal and sign in with your work or school account.
2. Select Device configuration > Profiles.
3. Create a profile that includes the following settings:
- Platform: Windows 10 and above
- Profile type: Endpoint protection
- Settings > Windows Defender Security Center > Tamper Protection: Configure the option to be On.
4. Assign the profile to one or more groups.
Whenever a change occurs, an alert will be displayed in the Security Center. Security teams can filter the logs for these alerts with the query below:
AlertEvents | where Title == "Tamper Protection bypass"
There is no Group Policy Object for Tamper Protection
Finally, no Group Policy is available to manage multiple computers. A Microsoft note clearly states that:
“Your normal Group Policy does not apply to Tamper Protection and changes to Windows Defender Antivirus settings will be ignored when Tamper Protection is enabled.”
You can use the registry method for multiple computers by remotely connecting to each computer and deploying the change.
I wish you all success!