One of the newest security features to land on Microsoft’s operating platform is also one of its finest. Windows 10 Tamper Protection is now available, both for consumers and enterprises.
And as you may have guessed, this is a feature designed to prevent unauthorized changes in the OS.
This important tool to prevent security bypasses makes the reliable Windows Defender even more watertight, and is now an integral part of the Windows 10 security environment. We take a look at what exactly it is, how it works, what it protects against, and where to go when you need to enable or disable it.
What is Tamper Protection?
Tamper Protection, as the name gives away, is a new feature designed to protect Windows Defender security settings from being disabled by malware or third-party programs. The idea is to prevent malicious software, scripts, or even hackers from modifying the security settings of your PC.
In other words, when enabled, Tamper Protection prevents settings in Windows Defender and Windows Security from being changed without authorization by programs, command line tools, registry edits, group policies, or even direct attacks.
It zaps attempts to compromise the security of your system, right at the source!
Work on Tamper Protection began all the way back in December 2018, and this welcome new feature made its debut with the Windows 10 May 2019 Update. Microsoft gradually rolled out these improvements to everyone, both end users and enterprise customers.
How does Tamper Protection work?
The idea of preventing security bypasses is simple enough. And so is the implementation of this new security feature in the Windows operating system. It has been designed as an extra layer of protection on Windows 10, and therein lies its strength.
Think of it as a way to prevent malware from disabling Windows Defender features behind your back.
Microsoft defines Tamper Protection as a way to help prevent malicious apps from changing important Windows Defender Antivirus settings, including real-time protection and cloud-delivered protection.
And that’s a very clear, very basic definition of this new addition.
How you work with it, however, depends on whether you are an end user or an enterprise professional. Home users can hop on over to the Windows Security app to make simple changes to Tamper Protection. Business users will find that enterprise management software gives them finer control.
What does it protect against?
Anything that tampers with system security configurations, be it a user or code. Newer threats target the Windows security system first and foremost. The end result is that not only is your system weakened against current threats, but new vulnerabilities are potentially created that put it at risk of future attacks.
When enabled, malicious apps will not be able to:
- Disable virus and threat protection on your PC
- Disable real-time protection on your system
- Disable the antivirus components of Windows Defender, like IOfficeAntivirus
- Turn off behavior monitoring
- Turn off cloud-delivered protection
- Remove security intelligence updates
One of the greatest threats to PCs today is modern malware. It may take the form of viruses, worms, ransomware, malicious scripts, or even innocuous-looking applications. These actors can, and do, modify your security settings and blow your security cover, leaving you and your system vulnerable.
It is against these sneaky threats that Tamper Protection is at its absolute best.
Does it protect against ransomware?
In a way, yes. But not directly. For that, Windows Defender already includes a security feature, conveniently called Ransomware Protection, which allows you to erect various protections against ransomware infections.
That is a much better defense against threats that encrypt the data on your computer and demand a ransom in bitcoin to decrypt it and give you your files back.
Since almost all strains of ransomware out there in the wild first try to disable your security apparatus to make your system more vulnerable, this is where Tamper Protection comes into play. It ensures that Windows Defender and Windows Security modules will ignore attempts to make these lethal changes.
In fact, this is exactly what has been happening lately, with Trojans like TrickBot, GootKit, and Nodersok all making concerted efforts to bypass Windows Defender and its protections. So resilient were these threats that they continued to modify security settings so that they could stay on an infected computer.
Same is usually the case with ransomware.
It is these attempts to change these security settings that Tamper Protection protects against, and why Microsoft developed this feature in the first place.
Do I still need antivirus?
Yes. A good, solid, reliable antivirus never hurts. Besides, Tamper Protection is not about actively preventing threats proper, but preventing malicious code and malicious actors from pushing buttons in your system to make it more vulnerable.
In that sense, it is but another layer of protection against new age malware.
Since Tamper Protection essentially locks Microsoft Defender, it prevents security settings from being changed by apps and methods that configure settings in the Registry Editor, modify settings through PowerShell cmdlets, or edit or remove settings via group policies.
These are all plays that viruses are guilty of, and exactly what this new feature protects against.
Do note that Tamper Protection only applies to Windows Security settings.
If you are using a third-party antivirus, this feature will not protect the settings of that program. Of course, many of the more popular third-party security solutions now have their own tamper protection features built in to protect their settings.
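To confirm that the settings listed above are still in their protective state, and to see whether anything has tried to change them, a read-only audit like the following can be run on the machine. This is an added example, not code from the original article; the function name `Get-DefenderTamperAudit` and the seven-day look-back window are assumptions made for illustration.

```powershell
# Added example (not from the original article): read-only audit, changes nothing.
# Needs Windows 10 1903 or later; elevation may be required to read the event log.
function Get-DefenderTamperAudit {
    param([int]$LookbackDays = 7)   # assumed look-back window for events

    $status = Get-MpComputerStatus -ErrorAction Stop
    $pref   = Get-MpPreference -ErrorAction Stop

    # Setting name -> whether it is currently in its protective state.
    $checks = [ordered]@{
        'Tamper Protection'          = $status.IsTamperProtected
        'Antivirus enabled'          = $status.AntivirusEnabled
        'Real-time protection'       = $status.RealTimeProtectionEnabled
        'Behavior monitoring'        = $status.BehaviorMonitorEnabled
        'IOfficeAntivirus (IOAV)'    = $status.IoavProtectionEnabled
        'Cloud-delivered protection' = ($pref.MAPSReporting -ne 0)  # 0 = disabled
    }
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{
            Kind   = 'Setting'
            Name   = $name
            Detail = if ($checks[$name]) { 'OK' } else { 'WEAKENED' }
        }
    }
    [pscustomobject]@{
        Kind   = 'Setting'
        Name   = 'Security intelligence age (days)'
        Detail = $status.AntivirusSignatureAge
    }

    # Defender operational log: 5001 = real-time protection disabled,
    # 5007 = configuration changed, 5013 = Tamper Protection blocked a change.
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5001, 5007, 5013
        StartTime = (Get-Date).AddDays(-$LookbackDays)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Kind   = "Event $($_.Id)"
                Name   = $_.TimeCreated
                Detail = ($_.Message -split "`r?`n")[0]
            }
        }
}

Get-DefenderTamperAudit | Format-Table -AutoSize -Wrap
```

A row marked WEAKENED alongside recent 5001 or 5007 events, or any 5013 event at all, is worth investigating as a possible tampering attempt.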
How do I enable Tamper Protection?
Consumers can manage Tamper Protection options in the good old Windows Security app. To access this, simply fire up Windows Security, then go to Virus & Threat Protection, and click on the Manage Settings link.
You can enable or disable Tamper Protection from here.
Enterprise workstations can also enable this feature using the same method above. However, system administrators have the option of using Microsoft Intune management software.
Using such management software, system admins can enable Tamper Protection for their entire organisation, by device type, and even by user group. Not only will IT admins be notified when an attacker attempts to tamper with Windows security, but all changes to the Tamper Protection setting will also be digitally signed before they are pushed out.
Tamper Protection is the latest addition to the Windows Security experience that includes elements like the Windows Defender antivirus, Windows Firewall, online security, and more. In some ways, in many ways, this additional layer of protection is most important and must be enabled at all times.
More so, when there is malware out there that actively targets Tamper Protection.