Microsoft Plans to Remove Legacy Registry Setting “DisableAntiSpyware” to Further Support Tamper Protection


Microsoft has today released a statement announcing that it is deprecating a legacy registry called DisableAntiSpyware. This is being done to further support tamper protection for Microsoft Defender Antivirus.

"Microsoft Defender Antivirus tamper protection is turned on by default for all consumer Windows 10 devices," the Windows maker said. "This feature protects devices from cyber attacks that try to disable built-security solutions, such as antivirus protection, in an attempt to gain access to your data, to install malware, or to otherwise exploit your data, identity, and devices."

Microsoft Azure Upgraded To AMD Instinct MI200 GPU Clusters For ‘Large-Scale’ AI training, Offers 20% Performance Improvement Over NVIDIA A100 GPUs

Microsoft Defender antivirus has to automatically turn itself off when it detects another antivirus program. Microsoft said that the DisableAntiSpyware is "intended to be used by OEMs and IT admins to disable Microsoft Defender Antivirus for the purpose of deploying another antivirus product during deployment." However, it is "not applicable to consumer devices and will be removed beginning with Microsoft Defender Antimalware platform versions 4.18.2007.8 and higher."

This update removing the legacy registry setting will also be rolled out to devices running Windows Enterprise E3 and E5 at a future date.

Tamper Protection is supported on Windows 10 versions 1709, 1803, 1809, or later together with Microsoft Defender Advanced Threat Protection E5. It doesn't stop third-party programs from registering with the Windows Security application, but it does help in stopping attacks that try to disable security solutions.

Microsoft has a detailed guide up explaining tamper protection, FAQs, and setup. 

- Windows 10 ISO Files Now Available for the Upcoming 20H2 Build 19042 and Build 20201