New Tamper protection in Microsoft Defender ATP for Windows 10

  1. Brink's Avatar
    Posts : 38,855
    64-bit Windows 10 Pro build 18898
       #1

    New Tamper protection in Microsoft Defender ATP for Windows 10


    We are committed to making our solutions resistant to attacks and continuously working towards raising the bar in security. In this blog were covering a key feature of our tampering protection strategies, which build on our previously announced Windows Defender Antivirus sandboxing capability.

    Tamper protection is a new setting available in the Windows Security app which provides additional protections against changes to key security features, including limiting changes that are not made directly through the app.

    If you are a home user, you can toggle the setting from the Virus & threat protection settings area in the app. For enterprise environments, the setting can be managed centrally through the Intune management portal.

    Were continuing to work on the feature, but the current version of the setting is available to Windows Insiders today. The full functionality of the feature (including support for enterprise-level management) will be released along with the upcoming release of Windows 10.



    Enabling this feature prevents others (including malicious apps) from changing important protection features such as:

    • Real-time protection, which is the core antimalware scanning feature of Microsoft Defender ATP next gen protection and should rarely, if ever, be disabled
    • Cloud-delivered protection, which uses our cloud-based detection and prevention services to block never-before seen malware within seconds
    • IOAV, which handles the detection of suspicious files from the Internet
    • Behavior monitoring, which works with real-time protection to analyze and determine if active processes are behaving in a suspicious or malicious way and blocks them

    The feature also prevents the deletion of security intelligence updates and the disabling of the entire antimalware solution.

    For Windows home users, the feature will be On by default when Windows is installed. If you are upgrading and Cloud-delivered protection is enabled, then the tampering protection feature will also be turned On.

    For enterprise customers (such as those with a Microsoft Defender ATP license), this feature will be opt-in and can only be managed from the Intune management console. Local device admin users will not be able to change the setting. This ensures that even malicious apps or malicious actors cant locally override the setting. Note that enterprise management is not available in current preview versions of Windows 10, but well be bringing it to preview shortly.



    Now in limited preview

    Were continuing to work on this feature, and you can test it out now on any recent Windows Insider build released during March 2019 or later. If youd like to test this feature, please send us feedback via the Feedback Hub, or email us at wdcustomer@microsoft.com.

    Wed love to have you on the journey so we can use your feedback and insights to deliver strong protection across platforms.

    Not yet reaping the benefits of Microsoft Defender ATPs industry-leading optics and detection capabilities? Sign up for free trial today.


    Source: Tamper protection in Microsoft Defender ATP - Microsoft Tech Community - 389571

      My ComputersSystem Spec

  2.    #1

    It would sure be nice to be able to toggle Windows Defender real time protection with a key sequence instead of having to jump thru several menu screens just to get to the on/off switch. The point being it is clumsy when active while gaming and exclusion(s) are a mystery to get working properly so I turn it off while single player gaming. When I'm done gaming and ready to go back to the web, I like to turn it back on. A Windows key sequence would really be useful in this case.
      My ComputerSystem Spec

  3. Brink's Avatar
    Posts : 38,855
    64-bit Windows 10 Pro build 18898
    Thread Starter
       #2

    GrayLensman said: View Post
    It would sure be nice to be able to toggle Windows Defender real time protection with a key sequence instead of having to jump thru several menu screens just to get to the on/off switch. The point being it is clumsy when active while gaming and exclusion(s) are a mystery to get working properly so I turn it off while single player gaming. When I'm done gaming and ready to go back to the web, I like to turn it back on. A Windows key sequence would really be useful in this case.

    Hello Gray,

    If you like, you could probably create shortcuts using the commands from Option 4 or 5 in the tutorial below that can be used to easily turn on/off Windows Defender Antivirus real-time protection as needed.

    Turn On or Off Windows Defender Real-time Protection in Windows 10 | Tutorials
      My ComputersSystem Spec

  4. Ztruker's Avatar
    Posts : 7,815
    Windows 10 Pro X64 1809 17763.437
       #3

    Where is this Tamper Protection? I'm on Win 10 Pro 18875.1000 but I don't see it.
      My ComputersSystem Spec

  5. rseiler's Avatar
    Posts : 187
    Windows 10 Enterprise x64 (Insider)
       #4

    It's in that specific Virus & Threat protection settings section shown in the screenshot, It's a subsection of the Dashboard.
      My ComputerSystem Spec

  6. Ztruker's Avatar
    Posts : 7,815
    Windows 10 Pro X64 1809 17763.437
       #5

    That's where I looked but it's not there. Is this another one of those A/B things?
      My ComputersSystem Spec

  7. Ztruker's Avatar
    Posts : 7,815
    Windows 10 Pro X64 1809 17763.437
       #6

    Okay, found it, not obvious:

    Settings
    Update & Security
    Windows Security
    Click the Open Windows Security button at top
    Click on Virus & Threat protection.
    Under Virus & Threat protection settings, click on Manage settings.

    Tamper protection is about halfway down and default is On.

    Easy way: Click on Start, type tamper, click on Tamper Protection
      My ComputersSystem Spec

  8.    #7

    Brink said: View Post
    Hello Gray,

    If you like, you could probably create shortcuts using the commands from Option 4 or 5 in the tutorial below that can be used to easily turn on/off Windows Defender Antivirus real-time protection as needed.

    Turn On or Off Windows Defender Real-time Protection in Windows 10 | Tutorials
    I still don't see how to assign real-time protection to a keyboard key toggle. All I see is different ways to get to it, including through the command line. My suggestion was more for the developers to read and build such a keyboard key toggle into the default Windows 10 installation instead of individual users (novices and experienced alike) having to independently modify their own individual installation.
      My ComputerSystem Spec

  9. Brink's Avatar
    Posts : 38,855
    64-bit Windows 10 Pro build 18898
    Thread Starter
       #8

    Gray,

    You should be able to create say two .bat files to run the commands to toggle this on/off.

    Next, create a shortcut for the .bat files on your desktop, and assign a keyboard shortcut to the shortcuts.
      My ComputersSystem Spec


 

Related Threads
How to Turn On or Off Tamper Protection for Windows Defender Antivirus in Windows 10 Starting with Windows 10 build 18305, Microsoft introduced Tamper Protection. Tamper Protection is a new setting from Windows Defender Antivirus, available...
Win 10 1803 Account Protection in Windows Defender in AntiVirus, Firewalls and System Security
Account protection is asking me to log into my MS account for enhanced security. It appears to want to change my local account to a MS account also. What's new here? I take it's easy enough to switch back to a local account after the sign in? ...
Windows Defender PUA/PUP protection is too picky in AntiVirus, Firewalls and System Security
Today WD deleted Wagnard's DDU saying it was a non safe application. I had to run the GUI interface to be able to recover it from quarantine. How could inform MS that this is a false positive?
Does Windows Defender Exploit Protection log anywhere? in AntiVirus, Firewalls and System Security
I've used EMET quite a bit in the past. I recently started using the Fall Creators Update "Exploit Protection" feature. I have the settings as aggressive as possible, and I'm not changing them. This post is not asking what Exploit Protection...
How to juggle several protection programs and use Windows Defender in AntiVirus, Firewalls and System Security
I have Malwarebytes, CCleaner, Adwcleaner, CryptoPrevent, and Windows Firewall active on my portable PC (with Windows 10, fully updated.) Recently had Free Avast, but it was using too much CPU, so I deleted it. I'd like to use Windows Defender as...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 14:23.
Find Us