Microsoft has introduced a raft of interesting changes and features in Windows 10 this year, the most recent ones coming to Version 1903 or the May 2019 update.
One of the new items is Tamper Protection, a security feature that’s enabled by default on all Windows 10 devices.
We’re going to explain what this new feature does, how it works, and how you can enable it on your computer if it’s not activated already.
Also on Guiding Tech
What Is Tamper Protection
Tamper Protection is a security feature that’s officially available for Microsoft’s consumer and enterprise customers using the Windows 10 operating system.
If it’s currently disabled on your Windows 10 device, don’t worry; Microsoft will roll-out this change to every Windows 10 user though you’d have to be patient for a few days for it to take effect.
Tamper Protection made a debut in version 1903, the feature helps prevent security bypasses in Windows Security and Windows Defender antivirus settings.
That way, no Registry changes, group policies, Windows command line tools, or other programs, including malware, can tamper with the security features.
If you can't wait for Microsoft's multi-stage rollout of the feature, read on to find out how to manually enable it on your computer.
Note: Tamper Protection is available for the free Windows Defender antivirus and Microsoft Defender Advanced Threat Protection (ATP).
Also on Guiding Tech
How Tamper Protection Works
Tamper Protection prevents malware and other programs or attempts by other people from compromising your device’s important security features.
The Windows Defender antivirus becomes more reliable with the increasing security enhancements included in the operating system. However, there’s a corresponding increase in efforts made to bypass it.
Rogue programs and malware try to do this by turning off or reducing its functionality via group policies, PowerShell commands, or Registry changes.
There have been several concerted efforts by Trojans and other malicious programs like TrickBot and GootKit to infiltrate and live within infected computers or bypass their security protections.
By enabling Tamper Protection, such attempts will get reset or ignored altogether. Windows Defender antivirus comes on automatically when you uninstall a third-party antivirus, all the more reason to enable the Tamper Protection feature for added protection.
What Does Tamper Protection Prevent Against
According to Microsoft, enabling Tamper Protection prevents nefarious code and other rogue programs that target your device’s security settings from doing the following:
Disable virus, threat, and real-time protection, especially the latter, which is Microsoft Defender ATP's core anti-malware scanning feature.
Disable Windows Defender antivirus' components like IOAV, which handles the detection of suspicious files from the web.
Deleting security intelligence updates and disabling the anti-malware solution altogether
Turn off behavior monitoring that works with real-time protection to analyze and determine whether or not active processes are behaving suspiciously or maliciously and blocks them.
Disable cloud-delivered protection, which uses Microsoft's cloud-based prevention and detection services to block new malware in seconds.
If you upgrade your Windows 10 version and cloud-delivered protection is enabled, then Tamper Protection will be enabled too.
For enterprise E5 customers, Tamper Protection is an opt-in feature managed from the Intune management console, which means not even local device admins can change the setting.
Note: Microsoft hasn't changed how the Windows Security app registers third-party antivirus solutions.
Step 4: Next, click on Virus and Threat Protection.
Step 5: Under the Virus and Threat Protection settings, click Manage Settings.
Step 6: Scroll down and locate Tamper Protection and toggle the switch On if it’s off.
Note: In the Insider Build version of Windows 10, the Tamper Protection feature is turned on. So most likely, it’ll be enabled in the release version too.
How to Use Tamper Protection with Third-Party Security Software
If you have third-party security software installed on your Windows 10 device, Microsoft will disable Windows Defender Antivirus, and register your current tool as the antivirus provider.
What this means is that Tamper Protection will be disabled, plus other features. Thankfully though, you can enable Tamper Protection even with a third-party antivirus in place using the steps below.
Step 1: Open Settings>Update & Security>Windows Security>Virus and Threat Protection. Here, you’ll see your current antivirus software.
Step 2: Click Windows Defender Antivirus options.
Step 3: Switch the toggle that asks if you’d like to enable periodic scanning with Windows Defender antivirus. This way, you’ll get access to Tamper Protection and all the other Window Security settings.
Step 4: Toggle the Tamper Protection switch to On.
Keep Pesky Malware (And People) Away
Microsoft may have built the Tamper Protection feature for enterprise environments, but home users can still enjoy the superior protection levels. However, for now, it’s not easy to judge the effectiveness of the protective feature. Similarly, it’s only available to Windows 10 1903 May release or later versions, but Microsoft will port it to older versions shortly. Meanwhile, we wait to see how effective it’ll be.
Next up: Windows 10 packs several security features and you should ramp up the security of your computer. Check out the next article about the Windows Defender Exploit Guard and the extra intrusion prevention capabilities it brings.