Tamper Protection: Microsoft has added protection against tampering with the Defender Advanced Threat Protection (ATP) application, to prevent some malware from disabling antivirus on infected computers.
The new feature can be activated in the Windows Security application through a new option called 'Tamper Protection'.
This feature prevents malware from changing core security settings, such as real-time protection, a feature that Microsoft says "should rarely be turned off".
There are many examples of malware that tries to avoid detection by disabling the computer's security application, such as the DoubleAgent malware, which exploits a Windows developer feature to disable Avast, AVG, Avira, Bitdefender, Trend Micro, Comodo, ESET, F-Secure, Kaspersky, Malwarebytes, McAfee, Panda, and Norton.
Defender ATP tamper protection will also stop any malware that attempts to disable scanning and block services that help protect against zero-day malware. Once tamper protection is enabled, malware will also be unable to delete security updates.
Although Microsoft Defender ATP is a product for businesses, tamper protection will also be available for Windows Home users, and will be enabled by default.
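
To verify on a host that the protections described above are actually in force, the following added PowerShell example (not Microsoft's code and not part of the original article) evaluates the output of `Get-MpComputerStatus`. The function name, the three-day signature threshold and the sample object are assumptions made for illustration.

```powershell
# Added example: audit the Defender settings that tamper protection guards.
function Test-DefenderTamperPosture {
    param(
        # Status object to evaluate. Defaults to the live host; passing it in
        # lets the check run against exported or constructed data as well.
        $Status = (Get-MpComputerStatus),
        # Assumed threshold: flag definitions older than this many days.
        [int]$MaxSignatureAgeDays = 3
    )

    $findings = @()
    if (-not $Status.IsTamperProtected) {
        $findings += [pscustomobject]@{
            Check = 'TamperProtection'; Severity = 'High'
            Detail = 'Tamper Protection is off; Defender settings can be changed by local processes.'
        }
    }
    if (-not $Status.RealTimeProtectionEnabled) {
        $findings += [pscustomobject]@{
            Check = 'RealTimeProtection'; Severity = 'High'
            Detail = 'Real-time protection is disabled.'
        }
    }
    if (-not $Status.AntivirusEnabled) {
        $findings += [pscustomobject]@{
            Check = 'AntivirusEngine'; Severity = 'High'
            Detail = 'The Defender antivirus engine is not enabled.'
        }
    }
    if ($Status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings += [pscustomobject]@{
            Check = 'SignatureAge'; Severity = 'Medium'
            Detail = "Definitions are $($Status.AntivirusSignatureAge) days old; updates may have been removed or blocked."
        }
    }
    return $findings   # empty result means every check passed
}

# Constructed sample status, shaped like Get-MpComputerStatus output.
$sample = [pscustomobject]@{
    IsTamperProtected         = $false
    RealTimeProtectionEnabled = $false
    AntivirusEnabled          = $true
    AntivirusSignatureAge     = 9
}
Test-DefenderTamperPosture -Status $sample | Format-Table -AutoSize

# On a real endpoint, call it without arguments: Test-DefenderTamperPosture
```

With the constructed sample, the function reports three findings: tamper protection off, real-time protection off and stale definitions.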