News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Microsoft is enabling Win10 version 1903 “Tamper Protection”

    Home Forums AskWoody blog Microsoft is enabling Win10 version 1903 “Tamper Protection”

    Viewing 16 reply threads
    • Author
      Posts
      • #1981824 Reply
        woody
        Da Boss

        Yesterday, Microsoft program manager Shweta Jha posted an announcement on the Microsoft Tech Community blog, saying that a feature called “Tamper prot
        [See the full post at: Microsoft is enabling Win10 version 1903 “Tamper Protection”]

        1 user thanked author for this post.
      • #1981876 Reply
        gpmartens1
        AskWoody Plus

        You could also take that to mean they’re trying to restrict users from loading and using other security software in place of Defender.

        • #1981888 Reply
          doriel
          AskWoody Lounger

          I think this is more like “security hole cover”. But I cant find any KB number in any attached article. How this will be distributed to users?

          Dell Latitude E6530, Intel Core i5 @ 2.6 GHz, 4GB RAM, WX 1809 Enterprise

          HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

        • #1982143 Reply
          b
          AskWoody Plus

          You could also take that to mean they’re trying to restrict users from loading and using other security software in place of Defender.

          Only if you believe without any evidence that Microsoft is evil. Why would they do that when Windows Defender is free and included with Windows 10? They aren’t losing money by continuing to allow 3rd party antivirus to be installed:

          “We are working with 3rd party partnership eco-system to ensure only AM, PPL signed AV can register with Windows Security App. That way we will be able to allow only legit AV on your system. Currently tamper protection is not blocking 3rd party AV registration with Windows Security App.”
          (Microsoft program manager Shweta Jha, author of originating article)
          https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Tamper-protection-now-generally-available-for-Microsoft-Defender/ba-p/911482

      • #1982062 Reply
        dohmixer
        AskWoody Plus

        I hope this isn’t going to mess with my paid 3rd party virus protection (Kaspersky).

      • #1982070 Reply
        E Pericoloso Sporgersi
        AskWoody Plus

        1903 Home 64 bit, latest patches.

        Learned of that setting just today (from Dutch Tweakers.net).

        I looked for it and found it.

        Apparently it was switched ON by default by my youngest patching bout.

        Up to now it hasn’t interfered with Lara Croft’s antics nor with anything else (Avast free, MalwareBytes licensed, VoodooShield free).

      • #1982145 Reply
        Alex5723
        AskWoody Plus

        Currently tamper protection is not blocking 3rd party AV registration with Windows Security App.

        I really like the word ‘CURRENTLY’ which for me means ‘for the time being’.

        1 user thanked author for this post.
        • #1982151 Reply
          b
          AskWoody Plus

          Because you think it’s a good thing that they’re not yet ensuring only legit AV gets installed?

          Strange.

      • #1982157 Reply
        Microfix
        AskWoody MVP

        I find it fascinating that an OS is trying to encompass an all-in-one security approach.
        Whether they succeed, remains to be seen, experienced or dismissed.

        | Win8.1 Pro x64 | Linux Hybrids x86/x64 | Win7 Pro x86/x64 Offline |
      • #1982202 Reply
        gpmartens1
        AskWoody Plus

        Forgot to login, so my message above is awaiting moderation.  Tamper Protection is already there in 1903 build 18362.418.  More info on the status in various builds in my waiting message.

      • #1982203 Reply
        Alex5723
        AskWoody Plus

        I find it fascinating that an OS is trying to encompass an all-in-one security approach.
        Whether they succeed, remains to be seen, experienced or dismissed.

        Apple does it for years in iOS and MacOS.

      • #1982193 Reply
        anonymous
        Guest

        Tamper Protection is already there in 1903 Build 18362.418.  Search on Tamper Protection and go to the Windows Security App that contains Tamper Protection.  One of my machines on build 18362.418 shows it, on the other I get a Group Policy error, and it’s not shown.  On a Release Preview Ring machine with 1909, it’s not there.  On a Fast Ring machine with build 18999.1, the search finds it, but it says Page Not Available.

        • #1982251 Reply
          b
          AskWoody Plus

          On a Release Preview Ring machine with 1909, it’s not there.

          It’s on for me with Release Preview 1909.

      • #1982208 Reply
        gpmartens1
        AskWoody Plus

        Additional info:  Tamper Protection blocks attempts to modify Windows Defender Antivirus settings through the registry. To help ensure that Tamper Protection doesn’t interfere with third-party security products or enterprise installation scripts that modify these settings, go to Windows Security and update security intelligence to version 1.287.60.0 or later. Once you’ve made this update, Tamper Protection will continue to protect your registry settings and will log attempts to modify them without returning errors.

        If the Tamper Protection setting is On, you won’t be able to turn off the Windows Defender Antivirus service by using the DisableAntiSpyware group policy key.

      • #1982248 Reply
        b
        AskWoody Plus

        it’s easy to set manually if you’re so inclined.

        It’s on by default for non-enterprise devices, as highlighted in yesterday’s announcement:

        Tamper protection enabled by default for home users
        For home users, tamper protection will be enabled by default to automatically increase defenses against attacks.

        It’s already been enabled by default in 1903 for the last six months. The new part is that it can now be enabled by enterprise administrators using Intune management.

      • #1982265 Reply
        abbodi86
        AskWoody_MVP

        I always disable all Defender, Security Health nonsense during setup

        • #1982305 Reply
          b
          AskWoody Plus

          I always disable all Defender, Security Health nonsense during setup

          Please could you explain why you do that, for the information of most who don’t?

        • #1982389 Reply
          abbodi86
          AskWoody_MVP

          Well, mostly because i don’t need their protection, i’m good on my own 🙂

          beside, they consume system resources without much benefit
          plus, it may mess with my “unwanted files” that i know they are safe and want 🙂

          i never used any antivirus since i started with Windows 7, only the default Windows Firewall

          • #1982456 Reply
            b
            AskWoody Plus

            Thanks. I’ll keep my fingers crossed that you never download anything from a compromised web site. (I assume you already do that.)

            1 user thanked author for this post.
      • #1982288 Reply
        gpmartens1
        AskWoody Plus

        What hit or miss method did they use to install it?  For example, I have 3 machines on 1903 build 18362.418, with the last updates, and it only shows up on 1.

      • #1982302 Reply
        gpmartens1
        AskWoody Plus

        How you find the Tamper Protection setting seems to depend on both the version of Windows 10, and which security software your using.  The only repeatable way to get to the setting is search on Virus & Threat Protection, then find Manage Settings which will show you 5+ settings.

        • #1982330 Reply
          b
          AskWoody Plus

          Settings, Update & Security, Windows Security, Virus & Threat protection, Manage settings, Tamper protection:

          Tamper Protection doesn’t affect how third-party antivirus apps work or how they register with Windows Security.

          Prevent changes to security settings with Tamper Protection

           

          Enabling Tamper Protection with other antivirus software

          If you have non-Microsoft antivirus software installed, Microsoft will register it as your antivirus provider and disable Windows Defender. This also means that Tamper Protection and other features will be disabled as well.

          If you want to enable Tamper Protection while having a third-party antivirus software installed, you can follow these steps:

          Go into the Virus & threat protection settings as described above. When you open the screen, it will show you the antivirus software you are using, … Now click on the Windows Defender Antivirus options … .

          This will display a toggle asking if you would like to enable periodic scanning with Windows Defender antivirus. Enable this setting and you will now have access to the rest of the Windows Security settings, including Tamper Protection.

          How to Enable the Windows 10 Tamper Protection Security Feature

      • #1982369 Reply
        anonymous
        Guest

        Hm, could this have something to do with the fact that today my feature update delay set via the policy editor was suddenly disabled? 🙁

        • #1982457 Reply
          b
          AskWoody Plus

          Hm, could this have something to do with the fact that today my feature update delay set via the policy editor was suddenly disabled? 🙁

          No, those two things are definitely not connected.

      • #1982376 Reply
        Mele20
        AskWoody Lounger

        It appears Tamper Protection will force users to turn on cloud protection (actually it will be turned on by default and we will no longer be able to turn it off). I hope I am wrong about this. I’ve never used Cloud Protection with any AV and I don’t want to be forced to use it.

        Tamper Protection, in theory, is a good idea. In practice, I wonder for how long before Microsoft denies users the right to use whatever protection they choose or to use none.

        I have 1803 so I can’t test Tamper Protection but I did recently turn on Controlled Folder Access and had so many problems that I had to turn it off again.

        I assume Tamper Protection will keep programs from adding files to Exclusions? If so, greatis has work to do before I am forced to upgrade and end up on 1903. Hmm…maybe Microsoft will block upgrade to 1903 and give me 1809 instead which would be great.

        • #1982392 Reply
          b
          AskWoody Plus

          It appears Tamper Protection will force users to turn on cloud protection (actually it will be turned on by default and we will no longer be able to turn it off). I hope I am wrong about this. I’ve never used Cloud Protection with any AV and I don’t want to be forced to use it.

          Nope. No connection between the two. I just turned off cloud-delivered protection with tamper protection still enabled.

          Tamper Protection, in theory, is a good idea.

          Hurrah!

          In practice, I wonder for how long before Microsoft denies users the right to use whatever protection they choose or to use none.

          Not going to happen. Why would they?

          I have 1803 so I can’t test Tamper Protection but I did recently turn on Controlled Folder Access and had so many problems that I had to turn it off again.

          Controlled Folder Access is one of the best protections against ransomware available anywhere. It’s MUCH easier to handle on 1809 and later, because you can view recently blocked apps when adding an allowed app; so no having to work out the path and filename to the correct executable, which I agree was very difficult to manage.

          I assume Tamper Protection will keep programs from adding files to Exclusions?

          Malicious apps, yes; but not you:

          If Tamper Protection is turned on and you’re an administrator on your computer, you can still change these settings in the Windows Security app. However, other apps can’t change these settings.
          Prevent changes to security settings with Tamper Protection

      • #1982698 Reply
        Alex5723
        AskWoody Plus

        Enable this setting and you will now have access to the rest of the Windows Security settings, including Tamper Protection.

        Very bad advice from Microsoft. Never run 2 real time A/V applications which can lock each other during scan.

        • #1982706 Reply
          anonymous
          Guest

          Periodic scanning =/= real-time protection. Rather it is equivalent to running a Malwarebytes scan when using Defender AV, or any other AV.

          But toggling this option unlocks the other features. These other features likewise do not interfere with third party, real-time AV.

          1 user thanked author for this post.
          b
    Viewing 16 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Microsoft is enabling Win10 version 1903 “Tamper Protection”

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.