Microsoft enables Tamper Protection on Windows 10 for all Home users
Microsoft unveiled a new security feature called Tamper Protection for the company's Windows Defender Antivirus solution in December 2018.
Tamper Protection, as the name suggests, protects certain security features from tampering. One of the barriers that Tamper Protection puts in place around security features blocks manipulations of setting changes that are made outside of the official Settings application.
Attackers may attempt to disable real-time protections or certain security features and Tamper Protection was designed to prevent these changes from being made successfully.
Microsoft did not reveal much about the feature when it launched it in December 2018 but a new blog post on the official Tech Community website provides additional insight and the news that the security feature is being rolled out to all Home installations of Windows 10 that run the current feature update version Windows 10 version 1903.
Previously, Tamper Protection was only available for business customers but Microsoft decided to enable it by default on all Home systems as well.
Tamper Protection helps against manipulation of the operating system's real-time protection, cloud-delivered protection, the detection of suspicious Internet files, behavior monitoring, and security intelligence updates among other things according to Microsoft.
Enterprise customers may configure Tamper Protection through Microsoft Intune; Home users find the option in the Windows Security application on their devices.
Microsoft notes that the feature is being rolled out to systems over time; some users may see the new option already, others may not see it yet.
Tamper Protection configuration
Here is how you enable or disable the new feature on Windows 10 home devices:
- Make sure that the operating system version is Windows 10 version 1903 or newer.
- Use the keyboard shortcut Windows-I to open the Settings application.
- Select Update & Security > Windows Security.
- Activate the "open Windows Security" button with a click.
- Select Virus & threat protection settings.
- Click on "Manage settings" under Virus & threat protection settings.
- Tamper Protection is listed on the page. Just toggle the feature on or off using the slider.
Tip: You may also enable the feature in the Registry. Open the Registry Editor on the system and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features. Locate the TamperProtection setting there and set it to 4 (off) or 5 (on). Note that you need to restart the system or log off and on again before the change takes effect.
Microsoft revealed plans to improve the Tamper Protection feature in the future and bring it to older versions of the Windows 10 operating system as well.
Now You: Is Tamper Protection a useful security feature? What's your take on it? (via Deskmodder)
If the Tamper Protection setting is On, you won’t be able to turn off the Windows Defender Antivirus service by using the DisableAntiSpyware group policy key.
Sounds like a well-packaged way to stop non-techy users from installing software that stops M$ from phoning home
Tinfoilhatters gonna tinfoilhat.
Is Microsoft switching Temper Protection remotely or does it switch on via an monthly update ?
There is no KB for switching Temper Protection – on.
I don’t know, my guess is remotely.
Hi. Im on the last 1903 version (18362.418), and the registry values for Tamper Protection are 4 (off) and 5 (on). Not sure if this differs among different versions.
You are right, Microsoft seems to have changed these. I have edited the guide.
Your instructions are a little different that the actual screens. After step 5 when you click on Virus & Threat Protection scroll down to Virus & Threat Protection Settings and click the link that says Manage Settings. On the page that opens you scroll down to Tamper Protection and toggle it on or off.
Dan, thanks, you are right. Added the step.
For those that still doubt that MS has full remote access to any file on your PC: Automatic sample submission.
Since forever, all AV software has wanted a sample of files throwing up red flags.
“Since forever, all AV software has wanted a sample of files throwing up red flags.”
That’s true but it does not mean that they’re right to do it without an opt in consent. In the same category, the download protection part of “safebrowsing” that is enabled by default in Firefox tells to Google the file name and URL of about half of the files you download (even when they don’t throw any red flag). The security excuse does not justify those attacks on privacy.
yeah.. remember how kaspersky got the nsa stuff?
I found the setting apparently enabled by default on my home laptop at Microsoft Windows [Version 10.0.18362.418].
As an aside, under Chrome Extensions I still run Windows Defender Browser Protection extension from the Chrome Web Store:
On
Description
Protect yourself against online threats, like phishing and malicious websites, with real-time protection from Microsoft.
Version
1.651
Is this still useful? I assume since it was updated June 17, 2019 it still has a place in the US scheme of things.
are third party security software compatible with tamper protection?
Do you mean Enterprise applications? I don’t think that third-party antivirus solutions are affected by this negatively.
i mean 3rd party stuff.. for home user, since it’ll be available for home users..