Microsoft released a new future called Tamper protection in Microsoft Defender ATP to provide next-gen security to their users and block the advanced and never before seen malware within a seconds.
In order to expand the security in Microsoft anti-malware solution, Tamper protection provides an additional security future against improper modification in the apps by sophisticated malware.
Microsoft enabled this future in both home and enterprise users, in this case, Enterprise users directly manage in this future via Microsoft’s
Intune management portal.
According to Microsoft, This feature builds on our previously announced Windows Defender Antivirus sandboxing capability and expands existing tamper protection strategies across Microsoft Defender Advanced Threat Protection.
Home users can have this future by default when Windows is installed and its automatically turn on when users upgrade the windows or enable the Cloud-delivered protection.
Enterprise customers can enable this future but only be managed from the Intune management console.
In this case, the local device admin users will not be able to change the setting due to the security concern to prevent locally override the setting by malicious apps or threat actors.
“Enabling this feature prevents others (including malicious apps) from changing important protection features such as:
- Real-time protection, which is the core antimalware scanning feature of Microsoft Defender ATP next-gen protection and should rarely, if ever, be disabled
- Cloud-delivered protection, which uses our cloud-based detection and prevention services to block
never-before seenmalware within seconds
- IOAV, which handles the detection of suspicious files from the Internet
- Behavior monitoring, which works with real-time protection to analyze and determine if active processes are behaving in a suspicious or malicious way and
Users can test this future in any recent Windows Insider build released during March 2019 or later.