Until now, security features in Windows have not always been automatically protected against manipulation for corporate customers using Microsoft Defender for Endpoint (MDE). That is now set to change.
Better security than now
As stated in a post, Microsoft now wants to enable its tamper protection by default for existing installations of corporate customers as well. Since last year, this has applied only to fresh installations for customers with Defender for Endpoint 2 or Microsoft 365 E5 licenses.
Administrators should receive a corresponding message that the function will be activated automatically 30 days after receiving the notification. If you do not want this, you can opt out of tamper protection in the Advanced Endpoint Settings at security.microsoft.com.
That’s what tamper protection does
Deactivation is not recommended, however: the security mechanism gets in the way of, among other things, malicious code that tries to deactivate security settings such as virus scanners in order to spread unhindered in the system. Microsoft does not explain in the article how this works in detail.
Tamper protection is also meant to ensure the operation of Defender components such as IOfficeAntivirus (IOAV), which detects documents from the Internet that are laced with malicious code. Such documents, usually sent by email, are still the most common way attackers spread ransomware.
Administrators should therefore ensure that tamper protection is, ideally, already activated and applied across the entire company.
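As an added example (not part of the original article and not Microsoft's own code), the following PowerShell reads the tamper protection and IOAV state reported by the Defender cmdlet `Get-MpComputerStatus` on one or more hosts and lists those where tamper protection is not confirmed. It assumes PowerShell remoting is enabled for remote hosts; the function name `Get-TamperProtectionState` and the report column names are hypothetical.

```powershell
# Added example: audit Defender tamper protection and IOAV state per host.
# Assumption: remote hosts accept PowerShell remoting (WinRM).
param(
    # Hosts to check; defaults to the local machine.
    [string[]]$ComputerName = @($env:COMPUTERNAME)
)

function Get-TamperProtectionState {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    foreach ($name in $ComputerName) {
        try {
            if ($name -eq $env:COMPUTERNAME) {
                $s = Get-MpComputerStatus -ErrorAction Stop
            } else {
                $s = Invoke-Command -ComputerName $name -ErrorAction Stop `
                        -ScriptBlock { Get-MpComputerStatus -ErrorAction Stop }
            }
            [pscustomobject]@{
                Computer        = $name
                TamperProtected = [bool]$s.IsTamperProtected
                Source          = $s.TamperProtectionSource   # who manages the setting
                RealTime        = [bool]$s.RealTimeProtectionEnabled
                Ioav            = [bool]$s.IoavProtectionEnabled
                Error           = $null
            }
        } catch {
            # An unreachable host or a missing Defender module counts as "not confirmed".
            [pscustomobject]@{
                Computer        = $name
                TamperProtected = $false
                Source          = $null
                RealTime        = $false
                Ioav            = $false
                Error           = $_.Exception.Message
            }
        }
    }
}

$report = @(Get-TamperProtectionState -ComputerName $ComputerName)
$report | Format-Table -AutoSize

# Hosts where tamper protection is off or could not be verified.
$gaps = @($report | Where-Object { -not $_.TamperProtected })
if ($gaps.Count -gt 0) {
    Write-Warning ("Tamper protection not confirmed on: " + ($gaps.Computer -join ', '))
}
```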