deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-21 13:23:36 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Update prevent-changes-to-security-settings-with-tamper-protection.md

Browse Source
This commit is contained in:
denisebmsft
2019-07-30 14:19:58 -07:00
parent 287d658f4f
commit 986fb417b6
1 changed files with 35 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
View File

@ -1,5 +1,5 @@
--- ---
title: Prevent security settings changes with Tamper Protection title: Protect security settings with Tamper Protection
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
description: Use tamper protection to prevent malicious apps from changing important security settings. description: Use tamper protection to prevent malicious apps from changing important security settings.
@ -15,36 +15,40 @@ author: dansimp
ms.author: dansimp ms.author: dansimp
--- ---
# Prevent security settings changes with tamper protection # Protect security settings with tamper protection
**Applies to:** **Applies to:**
- Windows 10 - Windows 10
Tamper Protection helps prevent malicious apps from changing important security settings. These settings include: ## Overview
- Real-time protection During some kinds of cyber attacks, bad actors try to disable security features, such as anti-virus protection, on your machines. They do this to get easier access to your data, to install malware, or to otherwise exploit your data, identity, and devices. Tamper Protection helps prevent this from occurring.
- Cloud-delivered protection
- IOfficeAntivirus (IOAV) With Tamper Protection, malicious apps are prevented from taking actions like these:
- Behavior monitoring - Disabling virus and threat protection
- Disabling real-time protection
- Turning off behavior monitoring
- Disabling IOfficeAntivirus (IOAV)
- Disabling cloud-delivered protection
- Removing security intelligence updates - Removing security intelligence updates
With Tamper Protection set to **On**, you can still change these settings in the Windows Security app. The following apps and methods can't change these settings: ## How it works
- Mobile device management (MDM) apps like Intune Tamper Protection essentially locks Microsoft Defender and prevents your security settings from being changed through apps and methods like these:
- Enterprise configuration management apps like System Center Configuration Manager (SCCM) - Configuring settings in Registry Editor on your Windows machine
- Command line instruction MpCmdRun.exe -removedefinitions -dynamicsignatures - Changing settings through PowerShell cmdlets
- Windows System Image Manager (Windows SIM) settings DisableAntiSpyware and DisableAntiMalware (used in Windows unattended setup) - Editing or removing security settings through group policies
- Group Policy - and so on.
- Other Windows Management Instrumentation (WMI) apps
The Tamper Protection setting doesn't affect how third party antivirus apps register with the Windows Security app. Tamper Protection doesn't prevent you from viewing your security settings, or your security team from viewing or changing settings for your organization. In addition, Tamper Protection doesn't affect how third-party antivirus apps register with the Windows Security app.
On computers running Windows 10 Enterprise E5, users can't change the Tamper Protection setting. > [!NOTE]
> On computers running Windows 10 Enterprise E5, users can't change the Tamper Protection setting.
Tamper Protection is set to **On** by default. If you set Tamper Protection to **Off**, you will see a yellow warning in the Windows Security app under **Virus & Threat Protection**. ## Turn Tamper Protection on (or off) in the Windows Security app
## Configure tamper protection You must have appropriate admin permissions on your machine to perform the following task.
1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**. 1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
2. Select **Virus & threat protection**, then select **Virus & threat protection settings**. 2. Select **Virus & threat protection**, then select **Virus & threat protection settings**.
@ -56,3 +60,10 @@ Tamper Protection is set to **On** by default. If you set Tamper Protection to *
> To help ensure that Tamper Protection doesnt interfere with third-party security products or enterprise installation scripts that modify these settings, go to **Windows Security** and update **Security intelligence** to version 1.287.60.0 or later. > To help ensure that Tamper Protection doesnt interfere with third-party security products or enterprise installation scripts that modify these settings, go to **Windows Security** and update **Security intelligence** to version 1.287.60.0 or later.
> >
> Once youve made this update, Tamper Protection will continue to protect your registry settings, and will also log attempts to modify them without returning errors. > Once youve made this update, Tamper Protection will continue to protect your registry settings, and will also log attempts to modify them without returning errors.
## Turn Tamper Protection on (or off) in the Microsoft Defender Security Center
You must have appropriate [permissions](../microsoft-defender-atp/assign-portal-access.md), such as global admin, security admin, or security operations, to perform the following task.
1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)).
2. Next to **Tamper Protection**, select **Enable**.