Microsoft opens Tamper protection features to Microsoft Defender Advanced Threat Protection (ATP) customers

Tamper protection is a security feature that Microsoft added to Windows Defender to prevent malware from tampering with security software or system security settings. Home users who upgrade to Windows 10 version 1903 or later can turn on tamper protection directly in the Microsoft Security Center. Microsoft has now announced that enterprises using Microsoft Defender ATP can also have their IT administrators configure and manage tamper protection.

Tamper protection is a new feature that automatically prevents malware or other software from modifying antivirus-related settings.

Here are some examples of services and settings that are protected from modification, either by local admins or by malicious applications:

  1. Real-time protection, which is the core antimalware scanning feature of Microsoft Defender ATP next generation protection and should rarely, if ever, be disabled
  2. Cloud-delivered protection, which uses our cloud-based detection and prevention services to block never-before-seen malware within seconds
  3. IOAV (IE Downloads and Outlook Express Attachments initiated), which handles the detection of suspicious files from the Internet
  4. Behavior monitoring, which works with real-time protection to analyze and determine whether active processes are behaving in a suspicious or malicious way, and then blocks them
  5. Security intelligence updates, which Windows Defender Antivirus uses to detect the latest threats
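
An administrator can read back the state of tamper protection and of the settings listed above on a single endpoint. The following PowerShell is an added example, not code from Microsoft or from the original article. It uses the Defender module's `Get-MpComputerStatus` and `Get-MpPreference` cmdlets; the function name, the three-day signature-age threshold, and the mapping of cloud-delivered protection to `MAPSReporting` are assumptions made for this example.

```powershell
# Added example: report tamper protection and the settings it guards.
# Requires the Defender PowerShell module on the endpoint being checked.
function Get-TamperProtectionReport {
    [CmdletBinding()]
    param(
        # Assumption: security intelligence older than this many days is flagged.
        [int]$MaxSignatureAgeDays = 3
    )

    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
        $pref   = Get-MpPreference -ErrorAction Stop
    } catch {
        # Covers hosts where the Defender service is stopped or replaced.
        Write-Warning "Defender cmdlets unavailable or service not running: $_"
        return
    }

    # One entry per item in the article's list, plus tamper protection itself.
    $checks = [ordered]@{
        'Tamper protection'          = [bool]$status.IsTamperProtected
        'Real-time protection'       = [bool]$status.RealTimeProtectionEnabled
        # MAPSReporting: 0 = disabled, 1 = basic, 2 = advanced.
        'Cloud-delivered protection' = ($pref.MAPSReporting -ne 0)
        'IOAV protection'            = [bool]$status.IoavProtectionEnabled
        'Behavior monitoring'        = [bool]$status.BehaviorMonitorEnabled
        'Security intelligence age'  = ($status.AntivirusSignatureAge -le $MaxSignatureAgeDays)
    }

    foreach ($name in $checks.Keys) {
        [pscustomobject]@{
            Setting = $name
            Healthy = $checks[$name]
        }
    }
}

$report = Get-TamperProtectionReport
$report | Format-Table -AutoSize

# Summarize anything that is off so it can be raised for review.
$bad = @($report | Where-Object { -not $_.Healthy })
if ($bad.Count -gt 0) {
    Write-Warning ("Settings needing review: " + ($bad.Setting -join ', '))
}
```

A host that reports real-time protection or behavior monitoring as off while tamper protection is also off is the case worth checking first.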

Tamper protection for enterprises is more comprehensive than what home users get. For example, an administrator can turn tamper protection on through group policy and prevent employees from changing it.

In addition, the system automatically monitors attempts to turn off tamper protection or other security features and issues security alerts and escalations to corporate administrators for handling.

This allows an enterprise administrator who receives a warning to check the specific computer immediately, to see whether it is infected with malware and what it is doing. Microsoft hopes to help companies respond to threats at any time.