Windows 10 1903: Windows Defender Antivirus gets Tamper Protection feature
Microsoft released a new preview build of the upcoming first feature update of 2019 for Windows 10; the new build, the last for this year according to Microsoft, introduced a number of interesting new features and changes to the operating system.
We covered Windows Sandbox, a new sandboxing feature, earlier today already. It is integrated in all Pro and Enterprise editions of Windows 10 and can be used without installation of virtual machine images or third-party software.
Another new security related feature protects Windows Defender Antivirus from tampering.
Tamper Protection's description provides some insight on what it does:
Prevents others from tampering with important security features.
The feature itself lacks additional information, but Microsoft revealed additional tidbits on the Windows Experience blog:
Tamper Protection is a new setting from Windows Defender Antivirus, available in the Windows Security app, which when on, provides additional protections against changes to key security features, including limiting changes which are not made directly through the Windows Security app.
Tamper Protection prevents certain changes to security features to avoid misuse. Malicious applications could change security settings but with tamper protection in place, these setting changes should be blocked by Tamper Protection.
Microsoft reveals little else: we know just one scenario where changes are blocked if Tamper Protection is enabled but there are more.
How to enable or disable Tamper Protection
- Use the shortcut Windows-I to open the Settings application.
- Go to Windows Security > Virus & Threat Protection > Virus & Threat Protection Settings > Manage Settings.
- Toggle Tamper Protection on or off.
The feature was turned on in the Insider Build version of Windows 10 the feature launched in. It is likely that it will be enabled in the release version as well.
Disabling may be useful if you use third-party software such as Configure Defender which may be blocked from making changes to Windows Defender after you upgrade Windows 10 the 2019 feature update for Windows 10.
The following Registry key determines whether the feature is enabled or disabled:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features
- 0: Tamper Protection is disabled.
- 1: Tamper Protection is enabled.
The lack of information makes it difficult to judge how effective the new protective feature is. It remains to be seen how effective the new protective feature is.
Tampering Protection did not prevent any of the changes that I made using Configure Defender.
Now You: Which security solution do you use on Windows? Does it have tamper protection?
I use my brain. Idk if it has tamper protection though, it starts acting funny after a couple of drinks :S
Good that they added tamper protection but it’s pathetic that it didn’t already have tamper protection all this time. Haven’t other AV’s offered tamper protection for like a decade or more now?
Then again, it’s also pathetic that you have to still use an AV with Windows, whereas my Mac and Linux installs require none and are built on a better, modular, UNIX design which is inherently more secure.
Really? There’s no Mac malware?
Oh, right, that’s a falsehood:
A Mac APT (Advanced Persistent Threat, more or less a rootkit) went undetected for **four months.**
The U.S. Homegrown Microshyyt Chicom Maoist’s don’t want anyone tampering with anything…They prefer to “Baffle the Rubes with BS” as a Sales Model…and a Tamper Proof Huawei styled product with State Sanctioned Back Doors is just what the their globalist
Masta’s of Disasta want…
Screw WinBlows10…Use a locked down Win7
if Tamper Protection means not every app being able to easily add anything to the Windows Firewall, I am all for it. otherwise it is probably just more headache when you want to use apps like Shutup10 to disable crap.
Noticed on my clean install of 1903 that it was off. Was that because I used a Local account and no password? I turned it on in settings and seemed to stay on..
Same here, local account and no password at creation (set it later to avoid the security questions BS) and it was also off by default.
I actually found this post because I looked it up after reading that it “is on by default” (which it isn’t).
Didn’t stop mine turning off. It got disabled by a trojan in march 2019…â€¦.had to re-install windows to turn it back on!
“1: Tamper Protection is enabled.”
This should be 5 not 1.
In Windows 10 ver 1903, Tamper Protection can not be changes
In Windows 10 ver 1903, Tamper Protection can not be changes, please assist me, thanks