Tamper Protection: Microsoft has added additional protection against infringement of the Defender Advanced Threat Protection (ATP) application to prevent some malware from disabling antivirus on infected computers.
The new feature can be enabled from within the Windows Security app from a new option called 'Tamper Protection'.
This feature prevents malware from changing the kernel settings, such as the real-time protection feature, a feature that Microsoft says "should rarely be turned off".
There are many examples of malicious software που προσπαθούν να αποφύγουν την ανίχνευση εξουδετερώνοντας την εφαρμογή ασφαλείας του υπολογιστή, όπως το DoubleAgent malware που εκμεταλλεύεται μια λειτουργία προγραμματιστών των Windows για να απενεργοποιήσει τα λογισμικά Avast, AVG, Avira, Bitdefender, Trend Micro, Comodo, ESET, F- Kaspersky, Malwarebytes, McAfee, Panda and Norton.
Defender ATP tamper protection will also stop any malware that tries to disable scanning and block services that help protect against zero-day malware. The malware will not be able to delete security updates after activating the setting mentioned above.
Although Microsoft Defender ATP is a product for businesses, tamper protection will also be available for Windows Home users, and will be enabled by default.
______________
- ASUS does not convince us: they had been warned months ago
- Virus definition update destroys Windows Defender