How to enable or disable Tamper Protection in Windows 10

The Windows security team has deployed Anti-fraud protection for all Windows users. In this post we will share how you can enable or disable tamper in Windows Security or Windows Defender on Windows 10. Although you can disable it, we strongly recommend that you keep it on at all times for your protection.

What is the anti-fraud protection in Windows 10

In plain English, he ensures that no one can touch the protection system, also called Windows security. The built-in software is powerful enough to handle most security threats, including Ransomware. But if it's disabled by third-party software or by malware that infiltrates, you can get in trouble.

The Windows security anti-fraud protection prevents malicious applications from modifying the relevant Windows Defender Antivirus settings. Features such as real-time protection and cloud protection are essential to protect you from emerging threats. The feature also ensures that no one can modify or change settings through the registry or Group Policy.

Here is what Microsoft says:

• To ensure that anti-fraud protection does not interfere with third-party security products or enterprise install scripts that change these settings, go to Windows Security and upgrade Security Intelligence to version 1.287.60.0 or higher. Once you have made this update, tamper protection continues to protect your registry settings and logs change attempts without recording errors.
• If the Tamper Protection setting is enabled, you will not be able to disable the Windows Defender Antivirus Service by using DisableAntiSpyware. group strategy key.

Tamper protection is enabled by default for individual users. Enabling Tamper Protection does not mean that you can not install a third-party antivirus. It simply means that no other software can change Windows security settings. The third-party antivirus will continue to register with the Windows security application.

Disable anti-fraud protection in Windows security

Although third parties can not make any changes, you can make changes to it as an administrator. Even if you can, we strongly recommend that you keep it on all the time. You can configure it in three ways:

1. Windows security interface
2. Registry changes
3. InTune Portal or Microsoft 365 Device Management

No Group Policy object allows you to change this setting.

1) Using the Windows security interface to disable or enable tamper protection

• Click the Start button and in the list of applications, locate Windows Security. Click to launch when you find it.
• Switch to Virus and Threat Protection> Manage Settings
• Scroll down a bit to find the tamper protection. Make sure it is flipped.
• If you have a special need, you can disable it, but make sure you turn it back on once the job is done.

2) Registry Changes to Disable or Enable Tamper Protection

• Open the registry editor by typing regedit in the prompt followed by the Enter key
• Navigate to HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows Defender Features
• Double-click DWORD TamperProtection to edit the value.
• Set it to "0" to disable tamper protection or "5" to activate tamper protection

3) Enable or disable tamper protection for your organization with Intune.

If you use InTune, that is the Microsoft 365 Device Management Portal, you can use it to enable or disable tamper protection. In addition to the appropriate permissions, you must have the following:

If you are part of your company's security team, you can enable (or disable) your organization's tamper protection in the Microsoft 365 Device Management (Intune) portal, provided your organization has Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP):

• Your organization must have Microsoft Defender ATP E5, managed by Intune and running Windows OS 1903 or later.
• Windows Security with Security Intelligence updated to version 1.287.60.0 (or higher)
• Your machines must use the 4.18.1906.3 (or higher) version of the anti-malware platform and the 1.1.15500.X (or higher) version of the anti-malware engine.

Now follow the steps to enable or disable tamper protection:

1. Access the Microsoft 365 Device Management Portal and log in with your work or school account.
2. To select Device configuration > profiles
3. Create a profile that includes the following settings:
   • Platform: Windows 10 and later
   • profileType: Protection of terminals
   • Settings > Windows Defender Security Center> Protection against forgery. Configure it or disable it
4. Assign the profile to one or more groups

If you do not see this option right now, it is still being deployed.

Whenever a change occurs, an alert will be displayed on the security center. The security team can filter from the logs by following the text below:

AlertEvents | where Title == "Tamper Protection bypass"

No Group Policy object for protection against forgery

Finally, no group policy is available to manage multiple computers. A note from Microsoft says clearly:

Your normal group policy does not apply to tamper protection, and changes made to Windows Defender Antivirus settings will be ignored when tamper protection is enabled.

You can use the registry method for multiple computers by remotely connecting to this computer and deploying the change. Once done, here's how it will look in the individual user settings:

We hope that the steps have been easy to follow and that you have been able to activate or deactivate the sabotage protection according to your needs.