In a new update, Microsoft will integrate the Tamper Protection feature in Windows 10. This blocks the security software Windows Defender from external access by malware. The function can be activated and deactivated in the system settings.
Microsoft extends its windows-integrated anti-virus software Windows Defender. The Tamper Protection function will be available to all users of the operating system via update in the coming days. The IT magazine ZDNet reports concerning a Microsoft announcement by telephone. The setting is intended to prevent malware from shutting down or modifying various functions of the anti-virus software without user interaction.
Possible attack vectors include shutting down the entire anti-virus program and turning off real-time protection and behavior monitoring. Malware could also break cloud-based protection or restore security updates. Tamper Protection should prevent this. The function can be switched on and off in the system settings.
Release in waves
By switching on the function, Windows Defender is generally blocked according to Microsoft and can not be changed by users even before the feature is deactivated. So there are no changes by group policies or in the registry entries of the host regarding the antivirus software possible.
Tamper Protection was already announced in December 2018. The feature is designed for both the free version of Windows Defender and the business-grade Windows Defender Advanced Threat Protection. Like many other Windows functions, these are also distributed in waves. So not all users will have access to it immediately.