Microsoft enables Tamper Protection by default in Windows 10
Assuming you have Windows 10 1903 (Windows 10 May 2019 Update) installed, you should find that you now have Tamper Protection enabled.
Microsoft has announced that the security feature is now generally available for Microsoft Defender ATP customers, and at the same time it has enabled the feature by default for all Windows 10 users. But just what is Tamper Protection?
- How to avoid Microsoft's problematic Windows 10 updates
- You won't be surprised to learn that yet another update is causing Windows 10 problems
- KB4517211 update is breaking search and VMWare Workstation in Windows 10
With the feature enabled, Windows 10 blocks apps, scripts and programs from making changes to system security settings and Microsoft Defender. This means that settings can only be adjusted through official, direct methods, and it offers effective protection from viruses and other types of malicious software, preventing them from making unwanted changes that would reduce system security.
Tamper protection prevents unwanted changes to security settings on devices. With this protection in place, customers can mitigate malware and threats that attempt to disable security protection features. Here are some examples of services and settings that are protected from modification, either by local admins or by malicious applications:
- Real-time protection, which is the core antimalware scanning feature of Microsoft Defender ATP next generation protection and should rarely, if ever, be disabled
- Cloud-delivered protection, which uses our cloud-based detection and prevention services to block never-before-seen malware within seconds
- IOAV (IE Downloads and Outlook Express Attachments initiated), which handles the detection of suspicious files from the Internet
- Behavior monitoring, which works with real-time protection to analyze and determine whether active processes are behaving in a suspicious or malicious way, and then blocks them
- Security intelligence updates, which Windows Defender Antivirus uses to detect the latest threats
Enterprise users can check the status of Tamper Protection in Microsoft Intune, while home users can open up the Windows Security app to check that the setting is enabled.