Tamper protection for Windows 11 offers improved ransomware protection

Alexandru Poloboc
by Alexandru Poloboc
News Editor
With an overpowering desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter, anchor, as well as TV and radio... Read more
Affiliate Disclosure
  • The internet is already an unsafe place, and considering the rise in cyber attacks, this is quite nice.
  • Microsoft decided to add another security feature to the new OS, called Tamper protection.
  • This was originally released in 2019 and is also available for some versions of Windows 10 Server.
  • We will also show you how to turn the feature on/off in the Microsoft 365 Defender portal
tamper protection windows 11

As we mentioned many times before, ransomware is an ever-increasing threat, which led to Microsoft saying that it strongly recommends we turn on its new security feature on our Windows 11 devices.

The Redmond-based tech giant is encouraging all users to activate Tamper Protection in Microsoft Defender.

This Tamper Protection has a number of features designed to protect us from ransomware, and it all comes for free as part of Windows 11.

Microsoft offers its users more security features

Microsoft officials recommend using this new feature to stop third parties from tampering with your security settings, particularly during installs.

This comes as part of the final version of the company’s security configuration.

As you would imagine, this recommendation is mainly for businesses that are transferring to Windows 11, but everyone should consider taking this extra safety precaution.

The feature was originally released in 2019 and is available for Windows 10 and Windows Server versions 2022, 2019, and 2016.

During some kinds of cyber attacks, bad actors try to disable security features, such as antivirus protection, on your machines. Bad actors like to disable your security features to get easier access to your data, to install malware, or to otherwise exploit your data, identity, and devices. Tamper protection helps prevent these kinds of things from occurring.

In the official Microsoft post, it says that Tamper Protection will lock down the default settings for Microsoft Defender and make sure they are not changed during the installation process. These settings include:

  • Disabling virus and threat protection
  • Disabling real-time protection
  • Turning off behavior monitoring
  • Disabling antivirus
  • Disabling cloud-delivered protection
  • Removing security intelligence updates

Tampering attempts are usually signs of much larger cyberattacks. Malicious third parties could try to change security settings as a way to persist and stay undetected.

If you’re part of your organization’s security team, you can view information about such attempts, and then take appropriate actions to mitigate threats.

When a tampering attempt is detected, an alert is raised in the Microsoft 365 Defender portal.

Using endpoint detection and response, as well as advanced hunting capabilities in Microsoft Defender for Endpoint, your security operations team can investigate and address such attempts.

How do I turn it on on/off in the Microsoft 365 Defender portal

  1. Go to the Microsoft 365 Defender portal and sign in.
  2. Click on the Settings menu.
  3. Select Endpoints and then turn Tamper protection on/off.tamper protection w11

Have you already enabled your Tamper protection feature? How useful do you find this new security solution? Share your opinion with us in the comments section below.

This article covers:Topics: