Windows Security blocks malware and users from deleting security updates

by Milan Stanojevic
Milan Stanojevic
Milan Stanojevic
Windows & Software Expert
Milan has been enthusiastic about PCs ever since his childhood days, and this led him to take interest in all PC-related technologies. Before joining WindowsReport, he worked as... read more
Affiliate Disclosure
Tamper Protection microsoft defender ATP

Windows 10 users can now use the Windows Security app to enable a new feature called Tamper Protection. Thanks to this new security option, malware or other users will no longer be able to modify the core security settings.

More specifically, Tamper Protection prevents users and malicious codes from uninstalling security updates.

That is why Microsoft warns users not to disable the feature.

What’s new in the Tamper Protection?

Microsoft Defender ATP tamper protection

Once the settings have been enabled, Microsoft Defender ATP Tamper Protection prevents malware from performing the following actions:

  • Stop services that block zero-day malware
  • Disable the dodgy files detection feature from the internet
  • Disable Microsoft’s cloud-based malware detection
  • Delete security intelligence updates.

Microsoft plans to offer the Tamper Protection feature to Windows 10 Home users as well. As a matter of fact, the feature will be enabled by default.

Moreover, the feature needs to be manually enabled for Enterprise customers by system admins.

Similar malware attacks in the past

We have already seen a couple of such examples where malware attempted to neutralize the security guard of your systems.

Surprisingly, many malware attacks was successful in evading detection and the DoubleAgent malware can be taken as an example.

It was successful in turning off Avira, AVG, Comodo, F-Secure, Malwarebytes, Norton, Avast, Trend Micro, Bitdefender, Panda, Kaspersky, McAfee, and ESET.

The Tamper Protection feature was initially introduced last year in December. The tech giant introduced it as a part of the Windows Insider preview program.

It restricts the attacks by running antivirus inside a sandbox. If you are interested in testing the latest tamper-protection feature, you need to install Windows Insider builds released in this year.