Tamper Protection: Microsoft has added tamper protection to Defender Advanced Threat Protection (ATP) to stop malware from disabling the antivirus on infected computers.
The new feature can be enabled from within the Windows Security app from a new option called 'Tamper Protection'.
This feature prevents malware from changing the kernel settings, such as real-time protection, which Microsoft says "should rarely be turned off".
There are many examples of malware that try to avoid detection by defeating a computer's security application, such as the DoubleAgent malware that exploits a Windows developer mode to disable Avast, AVG, Avira, Bitdefender, Trend Micro, Comodo, ESET, F-Secure, Kaspersky, Malwarebytes, McAfee, Panda and Norton.
Defender ATP tamper protection will also stop any malware that attempts to disable scanning and block services that help protect against zero-day malware. Once the setting is enabled, malware will not be able to delete security updates either.
Although Microsoft Defender ATP is a business product, tamper protection will also be available to users of Windows Home, and will even be enabled by default.
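
To confirm on a given machine that tamper protection and the settings it guards are actually in force, the following check can be run from an elevated PowerShell session. It is an added example, not Microsoft's code; the function name, the 7-day look-back and the 3-day signature-age threshold are assumptions chosen for illustration.

```powershell
# Added example: audit the Defender settings that tamper protection is meant to guard.
# Uses the built-in Defender cmdlets Get-MpComputerStatus and Get-MpPreference.
function Get-TamperProtectionAudit {
    [CmdletBinding()]
    param(
        [int]$LookbackDays     = 7,  # assumption: how far back to read Defender events
        [int]$MaxSignatureDays = 3   # assumption: older signatures are reported as stale
    )

    $status = Get-MpComputerStatus -ErrorAction Stop
    $prefs  = Get-MpPreference     -ErrorAction Stop
    $findings = [System.Collections.Generic.List[string]]::new()

    if (-not $status.IsTamperProtected)         { $findings.Add('Tamper protection is off') }
    if (-not $status.RealTimeProtectionEnabled) { $findings.Add('Real-time protection is off') }
    if (-not $status.AntivirusEnabled)          { $findings.Add('Antivirus engine is disabled') }
    if ($prefs.MAPSReporting -eq 0)             { $findings.Add('Cloud-delivered protection is off') }
    if ($status.AntivirusSignatureAge -gt $MaxSignatureDays) {
        $findings.Add("Signatures are $($status.AntivirusSignatureAge) days old")
    }

    # Defender operational log:
    #   5001 = real-time protection disabled, 5010/5012 = scanning disabled,
    #   5013 = tamper protection blocked a settings change.
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5001, 5010, 5012, 5013
        StartTime = (Get-Date).AddDays(-$LookbackDays)
    }
    # Get-WinEvent reports an error when nothing matches; treat that as "no events".
    $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
    $blocked = @($events | Where-Object Id -eq 5013)
    if ($blocked.Count -gt 0) {
        $findings.Add("$($blocked.Count) blocked tampering attempt(s) logged (event 5013)")
    }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        TamperProtected = $status.IsTamperProtected
        Findings        = $findings
        RecentEvents    = $events | Select-Object TimeCreated, Id, Message
    }
}

Get-TamperProtectionAudit | Format-List
```

An empty `Findings` list means the protections named above are on and no disable or tamper events were logged in the look-back window.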