New Windows Defender: Tamper Protection, Plus More

Microsoft is adding an extra layer of security to Windows 10: it's blocking malware from tampering with Windows Defender.

That's a security tool that's available commercially to businesses but is also built in to Windows 10 without extra cost.

Tamper Protection tackles a rather cheeky tactic used by some malware creators, namely having the malware access Windows Defender and switch off key features. The idea is to reduce the likelihood of malware being detected in action. The feature has been in testing since April, 2019 and is now ready for a public rollout.

Naturally Microsoft is keeping full details of how Tamper Protection works secret, but it appears some of the methods it uses include editing registry entries and using command line instructions.

Five Features Protected

Tamper Protection will mean at least five key Windows Defender features can't be switched off by unauthorized users:

1. Real-time protection, which tries to catch malware in action rather than waiting for scheduled scans.
    
2. Cloud-delivered protection, which lets Microsoft update other computers almost immediately when it detects a new threat.
    
3. Scanning of Internet files before they can be downloaded and opened.
    
4. Behavior monitoring to spot suspicious activity and files based on what's happening, rather than simply checking a known blacklist.
    
5. Security updates so Windows Defender has the latest list of known threats.

For home users, Tamper Protection will be switched on by default. It can be disabled, though for most people there would be no reason to do so.

For businesses users, it's up to system administrators whether they use it. If so, they will get an alert whenever Tamper Protection blocks an attempt to disable a Windows Defender feature. (Source: microsoft.com)

Update Breaks Scans

Of course, it wouldn't be a Microsoft story in 2019 without a sub-plot about an update breaking something else. Microsoft has now confirmed a recent update to Windows Defender had a rather unfortunate side effect.

Typically a Windows Defender scan takes a substantial amount of time to complete, because it scans the entire hard drive. Unfortunately, a recent update broke Windows Defender such that the scan finished prematurely, and only after a handful of files were scanned.

The good news is Microsoft quickly fixed the issue and released a new update that should install automatically. (Source: computing.com)

What's Your Opinion?

Are you happy to hear this news? Do you ever tweak the Windows Defender settings? Do you rely on Windows' built-in security or use third party security tools?