Microsoft adds 'Tamper Protection' to Windows Defender

John Lister's picture

Microsoft will add a "tamper protection" feature to the built in antivirus tools in an upcoming Windows 10 update. It's designed to stop malware from switching off key security features in Microsoft Defender.

Initially the changes will be available for Microsoft Defender Advanced Threat Protection, which is a subscription service for businesses. However, Microsoft appears to have revealed it will later become available to home users of Windows 10. (Source:

The idea is to prevent rogue apps from disabling some of the weapons in the Microsoft Defender arsenal, in turn making it far easier for malware to cause damage. Microsoft hasn't revealed exactly how it works, which is likely to avoid giving too much away to hackers.

Key Features Protected

The four main features that tamper protection will prevent apps from switching off are: real-time protection, which actively scans files rather than waiting to be manually run; cloud-delivered protection, which checks suspect files against a central database that's kept totally up-to-date with the latest detected threats; IOAV (IOffice Antivirus), which checks files a computer is trying to download; and behavior monitoring, which looks for suspicious activity by apps even if the app itself hasn't been recognized as a known threat.

Tamper protection will also prevent rogue apps from disabling Microsoft Defender completely and from deleting security updates.

Protection Activated By Default

Once tamper protection rolls out to home users, it can be switched on or off through the Windows Security app, which is the all-in-one settings menu for the security tools on a Windows PC. It will be on by default.

For business networks, the feature will only be controllable through the management console, which is the menu that system administrators use to control security across a network. It won't be accessible from individual computers, which Microsoft says is designed as an added layer of protection. The idea there is to not only protect against malware that has got onto a computer, but also against rogue employees who are intentionally trying to cause harm. (Source:

What's Your Opinion?

Is this a welcome move from Microsoft? Should it have tackled this issue sooner? Do you think malware creators will figure out a way to get past this protection?

Rate this article: 
Average: 4.8 (10 votes)


swreynolds's picture

I've already been burned by this. The latest update destroyed all performance until I figured out that Defender and Avast weren't getting along. All controls on Defender were greyed out or I got a "denied" when I tried to change one.

I'll be doing a little research to see what can be done to stifle its bothersome intrusions.

Dennis Faas's picture

If you have parts of Windows that are not normally accessible (such as Windows Defender in this case), it may be because either your user account is corrupt or Windows is corrupt - FYI. This can happen if Windows is already corrupt and then you get a Windows Update that seems to 'break' things. Most likely you will have more strange issues like this in different parts of the OS. If you need help with this I can assist using remote support.