Microsoft Enables “Tamper Protection” by Default for Windows 10 Home Users


Microsoft has announced that the new Windows 10 tamper protection is now generally available for the public. The company started testing this new Windows 10 security feature earlier this year through its Windows Insiders community and is now deploying it for everyone.

Tamper protection effectively stops attackers who try to disable Windows Defender Antivirus features to eventually gain access to the target system. Going after the real-time protection settings enables them to avoid detection in what can be called "breaking the shields." With tamper protection, Windows 10 will be powered to protect against this specific attack that is launched on the security features by making unauthorized changes.

Big Day for Release Preview Channel! Windows 10 KB5005611 for v21H2 and v21H1 Is Also Out

"Tamper protection prevents unwanted changes to security settings on devices," Microsoft wrote. "With this protection in place, customers can mitigate malware and threats that attempt to disable security protection features."

What is being protected against changes through this new Windows 10 tamper protection feature

Microsoft has shared the following examples of services and settings that are protected from modifications by local admins or malicious apps:

  1. Real-time protection, which is the core antimalware scanning feature of Microsoft Defender ATP next generation protection and should rarely, if ever, be disabled
  2. Cloud-delivered protection, which uses our cloud-based detection and prevention services to block never-before-seen malware within seconds
  3. IOAV (IE Downloads and Outlook Express Attachments initiated), which handles the detection of suspicious files from the Internet
  4. Behavior monitoring, which works with real-time protection to analyze and determine whether active processes are behaving in a suspicious or malicious way, and then blocks them
  5. Security intelligence updates, which Windows Defender Antivirus uses to detect the latest threats

Organizations can deploy Windows 10 tamper protection through Microsoft Intune. Microsoft said that the feature can be enabled for an entire organization, or through device and user groups. Windows 10 Home users don't have to do anything as the company is enabling this feature by default to improve security.

The Windows maker said that the feature will be rolled out gradually and users will soon start seeing it on their devices, adding that the "customers can use the Windows Security app to review or change tamper protection settings and turn the feature on manually."