News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Microsoft is enabling Win10 version 1903 “Tamper Protection”

    Home Forums AskWoody blog Microsoft is enabling Win10 version 1903 “Tamper Protection”

    This topic contains 27 replies, has 11 voices, and was last updated by  anonymous 4 weeks ago.

    • Author
      Posts
    • #1981824 Reply

      woody
      Da Boss

      Yesterday, Microsoft program manager Shweta Jha posted an announcement on the Microsoft Tech Community blog, saying that a feature called “Tamper prot
      [See the full post at: Microsoft is enabling Win10 version 1903 “Tamper Protection”]

      1 user thanked author for this post.
    • #1981876 Reply

      gpmartens1
      AskWoody Plus

      You could also take that to mean they’re trying to restrict users from loading and using other security software in place of Defender.

      • #1981888 Reply

        doriel
        AskWoody Lounger

        I think this is more like “security hole cover”. But I cant find any KB number in any attached article. How this will be distributed to users?

        I have not failed. I've just found 10,000 ways that won't work.
        --- Thomas A. Edison

      • #1982143 Reply

        b
        AskWoody Plus

        You could also take that to mean they’re trying to restrict users from loading and using other security software in place of Defender.

        Only if you believe without any evidence that Microsoft is evil. Why would they do that when Windows Defender is free and included with Windows 10? They aren’t losing money by continuing to allow 3rd party antivirus to be installed:

        “We are working with 3rd party partnership eco-system to ensure only AM, PPL signed AV can register with Windows Security App. That way we will be able to allow only legit AV on your system. Currently tamper protection is not blocking 3rd party AV registration with Windows Security App.”
        (Microsoft program manager Shweta Jha, author of originating article)
        https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Tamper-protection-now-generally-available-for-Microsoft-Defender/ba-p/911482

        Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1909

    • #1982062 Reply

      dohmixer
      AskWoody Plus

      I hope this isn’t going to mess with my paid 3rd party virus protection (Kaspersky).

    • #1982070 Reply

      E Pericoloso Sporgersi
      AskWoody Plus

      1903 Home 64 bit, latest patches.

      Learned of that setting just today (from Dutch Tweakers.net).

      I looked for it and found it.

      Apparently it was switched ON by default by my youngest patching bout.

      Up to now it hasn’t interfered with Lara Croft’s antics nor with anything else (Avast free, MalwareBytes licensed, VoodooShield free).

    • #1982145 Reply

      Alex5723
      AskWoody Plus

      Currently tamper protection is not blocking 3rd party AV registration with Windows Security App.

      I really like the word ‘CURRENTLY’ which for me means ‘for the time being’.

      1 user thanked author for this post.
      • #1982151 Reply

        b
        AskWoody Plus

        Because you think it’s a good thing that they’re not yet ensuring only legit AV gets installed?

        Strange.

        Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1909

    • #1982157 Reply

      Microfix
      Da Boss

      I find it fascinating that an OS is trying to encompass an all-in-one security approach.
      Whether they succeed, remains to be seen, experienced or dismissed.

      ********** Win7 x64/x86 | Win8.1 x64 | Linux Hybrids x64 **********

    • #1982202 Reply

      gpmartens1
      AskWoody Plus

      Forgot to login, so my message above is awaiting moderation.  Tamper Protection is already there in 1903 build 18362.418.  More info on the status in various builds in my waiting message.

    • #1982203 Reply

      Alex5723
      AskWoody Plus

      I find it fascinating that an OS is trying to encompass an all-in-one security approach.
      Whether they succeed, remains to be seen, experienced or dismissed.

      Apple does it for years in iOS and MacOS.

    • #1982193 Reply

      anonymous

      Tamper Protection is already there in 1903 Build 18362.418.  Search on Tamper Protection and go to the Windows Security App that contains Tamper Protection.  One of my machines on build 18362.418 shows it, on the other I get a Group Policy error, and it’s not shown.  On a Release Preview Ring machine with 1909, it’s not there.  On a Fast Ring machine with build 18999.1, the search finds it, but it says Page Not Available.

      • #1982251 Reply

        b
        AskWoody Plus

        On a Release Preview Ring machine with 1909, it’s not there.

        It’s on for me with Release Preview 1909.

        Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1909

    • #1982208 Reply

      gpmartens1
      AskWoody Plus

      Additional info:  Tamper Protection blocks attempts to modify Windows Defender Antivirus settings through the registry. To help ensure that Tamper Protection doesn’t interfere with third-party security products or enterprise installation scripts that modify these settings, go to Windows Security and update security intelligence to version 1.287.60.0 or later. Once you’ve made this update, Tamper Protection will continue to protect your registry settings and will log attempts to modify them without returning errors.

      If the Tamper Protection setting is On, you won’t be able to turn off the Windows Defender Antivirus service by using the DisableAntiSpyware group policy key.

    • #1982248 Reply

      b
      AskWoody Plus

      it’s easy to set manually if you’re so inclined.

      It’s on by default for non-enterprise devices, as highlighted in yesterday’s announcement:

      Tamper protection enabled by default for home users
      For home users, tamper protection will be enabled by default to automatically increase defenses against attacks.

      It’s already been enabled by default in 1903 for the last six months. The new part is that it can now be enabled by enterprise administrators using Intune management.

      Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1909

    • #1982265 Reply

      abbodi86
      AskWoody_MVP

      I always disable all Defender, Security Health nonsense during setup

      • #1982305 Reply

        b
        AskWoody Plus

        I always disable all Defender, Security Health nonsense during setup

        Please could you explain why you do that, for the information of most who don’t?

        Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1909

      • #1982389 Reply

        abbodi86
        AskWoody_MVP

        Well, mostly because i don’t need their protection, i’m good on my own 🙂

        beside, they consume system resources without much benefit
        plus, it may mess with my “unwanted files” that i know they are safe and want 🙂

        i never used any antivirus since i started with Windows 7, only the default Windows Firewall

        • #1982456 Reply

          b
          AskWoody Plus

          Thanks. I’ll keep my fingers crossed that you never download anything from a compromised web site. (I assume you already do that.)

          Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1909

          1 user thanked author for this post.
    • #1982288 Reply

      gpmartens1
      AskWoody Plus

      What hit or miss method did they use to install it?  For example, I have 3 machines on 1903 build 18362.418, with the last updates, and it only shows up on 1.

    • #1982302 Reply

      gpmartens1
      AskWoody Plus

      How you find the Tamper Protection setting seems to depend on both the version of Windows 10, and which security software your using.  The only repeatable way to get to the setting is search on Virus & Threat Protection, then find Manage Settings which will show you 5+ settings.

      • #1982330 Reply

        b
        AskWoody Plus

        Settings, Update & Security, Windows Security, Virus & Threat protection, Manage settings, Tamper protection:

        Tamper Protection doesn’t affect how third-party antivirus apps work or how they register with Windows Security.

        Prevent changes to security settings with Tamper Protection

         

        Enabling Tamper Protection with other antivirus software

        If you have non-Microsoft antivirus software installed, Microsoft will register it as your antivirus provider and disable Windows Defender. This also means that Tamper Protection and other features will be disabled as well.

        If you want to enable Tamper Protection while having a third-party antivirus software installed, you can follow these steps:

        Go into the Virus & threat protection settings as described above. When you open the screen, it will show you the antivirus software you are using, … Now click on the Windows Defender Antivirus options … .

        This will display a toggle asking if you would like to enable periodic scanning with Windows Defender antivirus. Enable this setting and you will now have access to the rest of the Windows Security settings, including Tamper Protection.

        How to Enable the Windows 10 Tamper Protection Security Feature

        Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1909

    • #1982369 Reply

      anonymous

      Hm, could this have something to do with the fact that today my feature update delay set via the policy editor was suddenly disabled? 🙁

      • #1982457 Reply

        b
        AskWoody Plus

        Hm, could this have something to do with the fact that today my feature update delay set via the policy editor was suddenly disabled? 🙁

        No, those two things are definitely not connected.

        Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1909

    • #1982376 Reply

      Mele20
      AskWoody Lounger

      It appears Tamper Protection will force users to turn on cloud protection (actually it will be turned on by default and we will no longer be able to turn it off). I hope I am wrong about this. I’ve never used Cloud Protection with any AV and I don’t want to be forced to use it.

      Tamper Protection, in theory, is a good idea. In practice, I wonder for how long before Microsoft denies users the right to use whatever protection they choose or to use none.

      I have 1803 so I can’t test Tamper Protection but I did recently turn on Controlled Folder Access and had so many problems that I had to turn it off again.

      I assume Tamper Protection will keep programs from adding files to Exclusions? If so, greatis has work to do before I am forced to upgrade and end up on 1903. Hmm…maybe Microsoft will block upgrade to 1903 and give me 1809 instead which would be great.

      • #1982392 Reply

        b
        AskWoody Plus

        It appears Tamper Protection will force users to turn on cloud protection (actually it will be turned on by default and we will no longer be able to turn it off). I hope I am wrong about this. I’ve never used Cloud Protection with any AV and I don’t want to be forced to use it.

        Nope. No connection between the two. I just turned off cloud-delivered protection with tamper protection still enabled.

        Tamper Protection, in theory, is a good idea.

        Hurrah!

        In practice, I wonder for how long before Microsoft denies users the right to use whatever protection they choose or to use none.

        Not going to happen. Why would they?

        I have 1803 so I can’t test Tamper Protection but I did recently turn on Controlled Folder Access and had so many problems that I had to turn it off again.

        Controlled Folder Access is one of the best protections against ransomware available anywhere. It’s MUCH easier to handle on 1809 and later, because you can view recently blocked apps when adding an allowed app; so no having to work out the path and filename to the correct executable, which I agree was very difficult to manage.

        I assume Tamper Protection will keep programs from adding files to Exclusions?

        Malicious apps, yes; but not you:

        If Tamper Protection is turned on and you’re an administrator on your computer, you can still change these settings in the Windows Security app. However, other apps can’t change these settings.
        Prevent changes to security settings with Tamper Protection

        Knuckle dragger Cannon fodder Chump Daft glutton Idiot Crazy/Ignorant Toxic drinker Blockhead Unwashed mass Seeker/Sucker "Ancient/Obsolete" (Group ASAP) Win10 v.1909

    • #1982698 Reply

      Alex5723
      AskWoody Plus

      Enable this setting and you will now have access to the rest of the Windows Security settings, including Tamper Protection.

      Very bad advice from Microsoft. Never run 2 real time A/V applications which can lock each other during scan.

      • #1982706 Reply

        anonymous

        Periodic scanning =/= real-time protection. Rather it is equivalent to running a Malwarebytes scan when using Defender AV, or any other AV.

        But toggling this option unlocks the other features. These other features likewise do not interfere with third party, real-time AV.

        1 user thanked author for this post.
        b

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Microsoft is enabling Win10 version 1903 “Tamper Protection”

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.