Microsoft is now providing all of its Defender ATP (Advanced Threat Protection) customers with tamper protection, which is meant to prevent unauthorized changes to security features.
The feature was launched as a hardening measure against attacks in which malicious applications or threat actors attempt to disable Windows Defender Antivirus, modify real-time protection settings, or stop behavior monitoring and script scanning.
Tamper protection in Microsoft Defender ATP is meant to block such malicious and unauthorized changes, so that endpoint security systems can keep users safe.
Initially rolled out to Windows Insider users earlier this year, tamper protection is now generally available, Microsoft announced on Monday.
“Tamper protection prevents unwanted changes to security settings on devices. With this protection in place, customers can mitigate malware and threats that attempt to disable security protection features,” Shweta Jha of the Microsoft Defender ATP team explains.
Services and settings protected from modification include real-time protection (core antimalware scanning feature), cloud-delivered protection (targets never-before-seen malware), IOAV (handles detection of suspicious files from the Internet), behavior monitoring (analyzes active processes for suspicious or malicious behavior), and security intelligence updates.
Tamper protection, Jha notes, is the result of Microsoft’s research into the threat landscape and attack patterns, and also takes advantage of feedback from customers and partners. The company believes that visibility into tampering attempts at various levels becomes key in mitigating sophisticated threats.
“Customer feedback on deployment and other aspects of the feature were critical in our journey towards today’s GA,” Jha says.
Tamper protection can be deployed and managed through Microsoft Intune in a manner ..