{"id":9163,"date":"2019-03-29T00:05:00","date_gmt":"2019-03-28T23:05:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=9163"},"modified":"2022-12-09T17:14:16","modified_gmt":"2022-12-09T16:14:16","slug":"windows-10-v1903-get-windows-defender-tamper-protection","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2019\/03\/29\/windows-10-v1903-get-windows-defender-tamper-protection\/","title":{"rendered":"Windows 10 V1903 gets Windows Defender Tamper-Protection"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"http:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/win102.jpg\" width=\"58\" align=\"left\" height=\"58\">[<a href=\"https:\/\/www.borncity.com\/blog\/2019\/03\/28\/potentielle-gpo-probleme-mit-windows-defender-tamper-protection\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]In Windows 10 V1903, Windows Defender receives tamper protection. Here are a few details on what this is and how it affects administrators in enterprise environments. <\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg05.met.vgwort.de\/na\/2402b830d0f044edbff66e31e3fbeda0\" width=\"1\" height=\"1\">Microsoft has just introduced <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Windows-Defender-ATP\/Tamper-protection-in-Microsoft-Defender-ATP\/ba-p\/389571\" target=\"_blank\" rel=\"noopener noreferrer\">Windows Defender Tamper Protection<\/a> again and released some more details (I became aware of the new article <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/microsoft-defender-atp-adds-tamper-protection\/\" target=\"_blank\" rel=\"noopener noreferrer\">via<\/a>). <\/p>\n<h2>What is Defender Tamper Protection?<\/h2>\n<p>Microsoft intends to protect the Windows Defender included in Windows 10 against malware tampering. 
It should not be possible for a malicious program to switch off Windows Defender. The Insider Previews (Build 18305 and later) of Windows 10 V1903 introduced the so-called Windows Defender Tamper Protection (see <a href=\"https:\/\/blogs.windows.com\/windowsexperience\/2018\/12\/19\/announcing-windows-10-insider-preview-build-18305\/#RtggdTh3VfmP8vrk.97\" target=\"_blank\" rel=\"noopener noreferrer\">this article<\/a> on Preview Build 18305 in the Windows Blog). Martin Brinkmann from ghacks.net reported briefly on this new feature in <a href=\"https:\/\/web.archive.org\/web\/20220701142403\/https:\/\/www.ghacks.net\/2018\/12\/19\/windows-10-1903-windows-defender-antivirus-gets-tamper-protection-feature\/\" target=\"_blank\" rel=\"noopener noreferrer\">this article<\/a> in December 2018.&nbsp; <\/p>\n<p><img loading=\"lazy\" decoding=\"async\" title=\"Windows Defender Tamper Protection\" alt=\"Windows Defender Tamper Protection\" src=\"https:\/\/www.ghacks.net\/wp-content\/uploads\/2018\/12\/tamper-protection-windows-10.png\" width=\"588\" height=\"447\"><br \/>(Windows Defender Tamper Protection, Source: <a href=\"https:\/\/web.archive.org\/web\/20220701142403\/https:\/\/www.ghacks.net\/2018\/12\/19\/windows-10-1903-windows-defender-antivirus-gets-tamper-protection-feature\/\" target=\"_blank\" rel=\"noopener noreferrer\">Ghacks.net<\/a>)<\/p>\n<p><a href=\"https:\/\/www.tenforums.com\/tutorials\/123792-turn-off-tamper-protection-windows-defender-antivirus.html\" target=\"_blank\" rel=\"noopener noreferrer\">This tenforums post<\/a> also discusses the question of how to switch this function on or off. In Feb. 2019, Microsoft published the article <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4490103\/windows-10-prevent-changes-to-security-settings-with-tamper-protection\" target=\"_blank\" rel=\"noopener noreferrer\">Prevent changes to security settings with Tamper Protection<\/a>. 
They wrote about Windows 10:<\/p>\n<blockquote>\n<p>Tamper Protection in Windows Security helps prevent malicious apps from changing important Windows Defender Antivirus settings, including real-time protection and cloud-delivered protection. If Tamper Protection is turned on and you're an administrator on your computer, you can still change these settings in the Windows Security app. However, other apps can't change these settings.<\/p>\n<\/blockquote>\n<p>Tamper Protection is turned on by default. If you turn off Tamper Protection, you will see a yellow warning in the Windows Security app under Virus &amp; threat protection. Tamper Protection doesn't affect how third-party antivirus apps work or how they register with Windows Security.<\/p>\n<h2>More details about Windows Defender Tamper Protection<\/h2>\n<p>Microsoft's Eric Avena has now provided more details in the blog post <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/Windows-Defender-ATP\/Tamper-protection-in-Microsoft-Defender-ATP\/ba-p\/389571\" target=\"_blank\" rel=\"noopener noreferrer\">Tamper protection in Microsoft Defender ATP<\/a>. 
<\/p>\n<blockquote>\n<p>Tamper protection is a new setting available in the Windows Security app which provides additional protections against changes to key security features, including limiting changes that are not made directly through the app.<\/p>\n<\/blockquote>\n<p>Eric Avena then describes who can switch the Tamper Protection status and what the default settings are:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" title=\"Defender Tamper protection\" alt=\"Defender Tamper protection\" src=\"https:\/\/gxcuf89792.i.lithium.com\/t5\/image\/serverpage\/image-id\/100287iA445E1254049AE5C\/image-size\/large?v=1.0&amp;px=999\" width=\"606\" height=\"612\"><br \/>(Defender options for Tamper protection, Source Microsoft)<\/p>\n<ul>\n<li>Home users can toggle the setting from the <em>Virus &amp; threat protection <\/em>settings area in the settings app.\n<li>For enterprise environments, the setting can be managed centrally through the Intune management portal. There is also an opt-in required for these environments. 
<\/li>\n<\/ul>\n<p>Enabling this feature prevents other applications (including malicious ones) from changing important protection features. In particular, they can no longer:<\/p>\n<ul>\n<li>disable the real-time protection, which is the core feature of Microsoft Defender ATP Next-Gen protection,\n<li>disable the Cloud-delivered protection, which uses Microsoft's cloud-based detection and prevention services to block never-before seen malware within seconds\n<li>disable the IOAV protection (probably stands for Internet On-demand Antivirus, see <a href=\"https:\/\/answers.microsoft.com\/en-us\/protect\/forum\/all\/virus-scanning\/80b38438-444a-44ea-a93b-493bda55a89c\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>), which handles the detection of suspicious files from the Internet,\n<li>disable the behavior monitoring, which uses real-time protection to analyze and determine whether active processes are behaving suspiciously or maliciously and blocks them.<\/li>\n<\/ul>\n<p>The feature also prevents Security Intelligence updates from being deleted and the entire anti-malware solution from being deactivated. The feature is currently undergoing a limited preview test. Microsoft writes that the feature is supported by the current Windows Insider Build from March 2019 or builds published later. If you want to test the function, you can contact Microsoft via the Feedback Hub. <\/p>\n<h2>Collision with Group Policy?<\/h2>\n<p>German blog reader David Xanatos informed me a few days ago about an observation with Tamper Protection. David wrote:<\/p>\n<blockquote>\n<p>In the new Windows Build 1903, Windows Defender has a new Defender Tamper Protection feature. <\/p>\n<p>The problem is that as long as [Tamper Protection] is active, it seems that it is not possible to turn off Windows Defender via GPO.<\/p>\n<\/blockquote>\n<p>David used the GPO \"Turn Off Windows Defender Antivirus\". Maybe Microsoft provides another GPO to turn off Tamper Protection, so that Windows Defender GPOs work again. 
The Microsoft blog post doesn't answer these questions \u2013 so let's wait and see what the final release of Windows 10 V1903 brings in this area. Administrators should keep an eye on this feature. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]In Windows 10 V1903, Windows Defender receives tamper protection. Here are a few details on what this is and how it affects administrators in enterprise environments.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,2],"tags":[105],"class_list":["post-9163","post","type-post","status-publish","format-standard","hentry","category-security","category-windows","tag-windows-defender"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/9163","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=9163"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/9163\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=9163"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=9163"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=9163"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}