deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 14:27:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Update prevent-changes-to-security-settings-with-tamper-protection.md

Browse Source
This commit is contained in:
Denise Vangel-MSFT 2020-01-16 07:55:35 -08:00
parent 12927eb7d6
commit 0b67e1329c
1 changed files with 1 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
View File

@ -119,7 +119,7 @@ Here's what you see in the Windows Security app:
### Are you using Windows OS 1709, 1803, or 1809? ### Are you using Windows OS 1709, 1803, or 1809?
If you are using Windows OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), or [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019), you won't see **Tamper Protection** in the Windows Security app. In this case, the one of the following procedures to determine whether tamper protection is enabled. If you are using Windows OS [1709](https://docs.microsoft.com/windows/release-information/status-windows-10-1709), [1803](https://docs.microsoft.com/windows/release-information/status-windows-10-1803), or [1809](https://docs.microsoft.com/windows/release-information/status-windows-10-1809-and-windows-server-2019), you won't see **Tamper Protection** in the Windows Security app. In this case, you can use PowerShell to determine whether tamper protection is enabled.
#### Use PowerShell to determine whether tamper protection is turned #### Use PowerShell to determine whether tamper protection is turned
@ -129,16 +129,6 @@ If you are using Windows OS [1709](https://docs.microsoft.com/windows/release-in
3. In the list of results, look for `IsTamperProtected`. (A value of *true* means tamper protection is enabled.) 3. In the list of results, look for `IsTamperProtected`. (A value of *true* means tamper protection is enabled.)
#### View a registry key value to determine whether tamper protection is turned on
1. Open the Registry Editor app.
2. Go to **HKEY_LOCAL_MACHINE** > **SOFTWARE** > **Microsoft** > **Windows Defender** > **Features**.
3. Look for an entry of **TamperProtection** of type **REG_DWORD**, with a value of **0x5**.<br/>
- If you see **TamperProtection** with a value of **0**, tamper protection is not turned on.
- If you do not see **TamperProtection** at all, tamper protection is not turned on.
## View information about tampering attempts ## View information about tampering attempts
Tampering attempts typically indicate bigger cyberattacks. Bad actors try to change security settings as a way to persist and stay undetected. If you're part of your organization's security team, you can view information about such attempts, and then take appropriate actions to mitigate threats. Tampering attempts typically indicate bigger cyberattacks. Bad actors try to change security settings as a way to persist and stay undetected. If you're part of your organization's security team, you can view information about such attempts, and then take appropriate actions to mitigate threats.