In a blog post, Microsoft detailed a new feature in its security product, Windows Defender ATP.
Tamper Protection is a new setting available in the Windows Security app which provides additional protections against changes to key security features, including limiting changes that are not made directly through the app.
The feature is available to both home and enterprise users (where it would be managed centrally via Intune) and has been in testing by Windows 10 Insiders for around 2 months now.
When enabled, other (possibly malicious) apps will be prevented from changing:
- Real-time protection, which is the core antimalware scanning feature of Microsoft Defender ATP next-gen protection and should rarely, if ever, be disabled
- Cloud-delivered protection, which uses Microsoft's cloud-based detection and prevention services to block never-before-seen malware within seconds
- IOAV, which handles the detection of suspicious files from the Internet
- Behaviour monitoring, which works with real-time protection to analyze and determine if active processes are behaving in a suspicious or malicious way and block them

The feature also prevents the deletion of security intelligence updates and the disabling of the entire antimalware solution.
The feature will be on by default and will roll out to all users with the Windows 10 April 2019 Update in the near future.
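
A defender-side audit of the settings listed above, added here as an example and not taken from Microsoft's post. It relies on the Defender module's `Get-MpComputerStatus` and `Get-MpPreference` cmdlets; the function name `Get-TamperProtectionAudit` and the 7-day signature-age threshold are assumptions.

```powershell
# Added example: report the live state of each setting Tamper Protection guards.
function Get-TamperProtectionAudit {
    [CmdletBinding()]
    param(
        # Assumed threshold: signatures older than this are reported as a finding.
        [int]$MaxSignatureAgeDays = 7
    )

    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
        $pref   = Get-MpPreference -ErrorAction Stop
    }
    catch {
        # Cmdlets missing or the service not answering is itself worth investigating.
        Write-Warning "Defender state could not be queried: $($_.Exception.Message)"
        return
    }

    # One entry per protected item named in the article.
    $checks = [ordered]@{
        'Tamper Protection'          = [bool]$status.IsTamperProtected
        'Real-time protection'       = [bool]$status.RealTimeProtectionEnabled
        'Cloud-delivered protection' = ($pref.MAPSReporting -ne 0)   # 0 = disabled
        'IOAV'                       = [bool]$status.IoavProtectionEnabled
        'Behaviour monitoring'       = [bool]$status.BehaviorMonitorEnabled
        'Antimalware service'        = [bool]$status.AMServiceEnabled
        'Security intelligence'      = ($status.AntivirusSignatureAge -le $MaxSignatureAgeDays)
    }

    foreach ($name in $checks.Keys) {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Feature  = $name
            Healthy  = $checks[$name]
        }
    }
}

# Show only the items that need attention; empty output means all checks passed.
Get-TamperProtectionAudit | Where-Object { -not $_.Healthy } | Format-Table -AutoSize
```

On centrally managed fleets the same objects can be exported and compared across hosts, since each row carries the computer name.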