Tamper protection now available in Microsoft Defender ATP

by Don Sharpe

Enterprises using Windows 10 can now activate tamper protection controls in Microsoft Defender ATP (MDATP) Threat & Vulnerability Management (TVM). The feature gives system administrators and cybersecurity personnel an expanded view of the threats facing their IT infrastructure.

Tamper protection helps to thwart malware attacks

Bad actors keep discovering new ways to disable the cybersecurity measures your organization has in place to keep malware at bay. When they succeed, you are likely to be left with a false sense of safety and to drop your guard while all manner of Trojans breach your IT systems unnoticed.

Microsoft’s Shweta Jha said that such malware intrusions are less likely to materialize when you have tamper protection enabled in Windows 10. Just in case one or more PCs in your organization have the feature turned off, you can quickly spot the devices and implement the necessary remedial measures.

This provides security teams greater visibility into how many machines don’t have this feature turned on, the ability to monitor changes over time, and a process to turn on the feature.

Guarding against Windows 10 PowerShell exploits

MDATP lets you enable measures such as virus and threat protection. It is also where you can turn on real-time antivirus services for your PC. These are some of the system security controls that malware may deactivate when you have not set up adequate device-level IT defenses.

Many cyber attackers take advantage of Windows PowerShell because of its high level of integration with the operating system. By exploiting the task automation and configuration management framework, they can efficiently deliver malicious scripts masquerading as legitimate code.

Such malware may covertly manipulate various Windows services and roles. It can even tamper with Windows registry values, leaving you unaware of potential security vulnerabilities in your computers.

Now you can leverage MDATP settings to tamper-proof your business machines. This way, it gets a lot more difficult for malware authors to deliver harmful payloads to your PC via techniques like PowerShell exploits.

To activate the tamper protection control in TVM, start by looking up the term tamper on the security recommendations page. Next, click Turn on Tamper Protection (it is one of the measures in the results list). In the flyout screen that appears, you can see the operating systems and the number of PCs in your organization that are vulnerable to cyber incidents.
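To spot a device with the feature turned off from the device itself rather than from the TVM page, the following added example (not from Microsoft or the original article) evaluates the output of the Defender Get-MpComputerStatus cmdlet. The function name and the sample machines are hypothetical, and the sample objects are constructed so the script runs without Defender present.

```powershell
# Added example (not Microsoft's code): flag Defender controls that are not on.
function Test-DefenderProtectionState {
    [CmdletBinding()]
    param(
        # One object shaped like Get-MpComputerStatus output, usually piped in.
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object]$Status
    )
    begin {
        # Get-MpComputerStatus properties for the controls the article names.
        $controls = 'IsTamperProtected', 'RealTimeProtectionEnabled', 'AntivirusEnabled'
    }
    process {
        # PSComputerName is empty for a local query, so fall back to this host.
        $computer = $Status.PSComputerName
        if (-not $computer) { $computer = $env:COMPUTERNAME }
        foreach ($name in $controls) {
            $prop = $Status.PSObject.Properties[$name]
            # Assumption: a build without the feature may lack the property.
            # Report that as Unknown so it is never mistaken for On.
            if ($null -eq $prop -or $null -eq $prop.Value) { $state = 'Unknown' }
            elseif ($prop.Value) { $state = 'On' }
            else { $state = 'Off' }
            [pscustomobject]@{
                Computer    = $computer
                Control     = $name
                State       = $state
                NeedsFixing = ($state -ne 'On')
            }
        }
    }
}

# Constructed sample input: PC-01 healthy, PC-02 has controls switched off,
# PC-03 does not report IsTamperProtected at all.
$samples = @(
    [pscustomobject]@{ PSComputerName = 'PC-01'; IsTamperProtected = $true;  RealTimeProtectionEnabled = $true;  AntivirusEnabled = $true }
    [pscustomobject]@{ PSComputerName = 'PC-02'; IsTamperProtected = $false; RealTimeProtectionEnabled = $false; AntivirusEnabled = $true }
    [pscustomobject]@{ PSComputerName = 'PC-03'; RealTimeProtectionEnabled = $true; AntivirusEnabled = $true }
)
$samples | Test-DefenderProtectionState | Where-Object NeedsFixing | Format-Table -AutoSize

# On a real Windows 10 machine, feed it the live status instead:
# Get-MpComputerStatus | Test-DefenderProtectionState
```

With the sample input, the table lists two Off rows for PC-02 and one Unknown row for PC-03; PC-01 produces no rows.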

Here are the three methods for turning on tamper protection in Windows 10 versions such as 1709, 1803, and 1809.