Microsoft has announced the general availability of Tamper Protection, a security addition designed to protect Microsoft ATP customers against unauthorized changes to their security settings.
Bad actors are increasingly attempting to disable Windows Defender Antivirus to stop the security service altogether, or to turn off behavior monitoring and script scanning by going after real-time protection settings like the OnAccessProtection policies.
The Tamper Protection feature is designed to protect against such malicious and unauthorized changes to the security mechanisms, and thus ensure that endpoint security is maintained against malware and threats directed at the enterprise.
Enabling Tamper Protection prevents unwanted changes to security settings such as the core anti-malware scanning feature of Microsoft Defender ATP next generation protection, Cloud-delivered protection, IOAV (IE Downloads and Outlook Express Attachments initiated), and Behavior monitoring, which also works with real-time protection to analyze and determine threat scenarios.
Additionally, the Security intelligence updates used by Windows Defender Antivirus to detect the latest threats are protected from modification, either by local admins or by any malicious application.
The new security feature, which has been in testing for some time now within the Windows Insider program, is a result of extensive research into modern attack patterns and the evolving threat landscape, along with consistent engagement with partners and feedback from Microsoft customers.
Tamper Protection is deployed and managed centrally through Microsoft Intune, in a procedure similar to how endpoint security settings are managed, and can be enabled for an organization, for user groups or through devices.