To address these concerns, Microsoft created a tamper protection feature as part of the Microsoft Defender platform (also known as Windows Security) that was originally released in 2019 for Windows 10 and some Windows Server versions. Its final version has since been launched and added to the new Windows 11 security baseline.
But this feature is not enabled by default in Windows Defender. Let’s learn how to activate it and unravel the reasons why Windows users should have tamper protection activated at all times.
Why Do You Need Tamper Protection?
To combat the ever-increasing risk of cybersecurity incidents, especially ransomware attacks, Microsoft decided to add another layer of security to its Windows 11 OS by including the tamper protection feature in its Microsoft Defender for Endpoint (MDE).
Although this feature was originally released for Windows 10, the main focal point of this updated version is protection against ransomware, and Microsoft is urging users to activate tamper protection.
The biggest reason why tamper protection should be activated is that it can stop third parties from messing with your security settings, particularly during installs.
This updated feature comes as part of the final version of the company’s security configuration and, although this recommendation is mainly for businesses transitioning to Windows 11, every Microsoft user should consider taking this extra safety precaution. And the best part? It all comes free as part of Windows 11.
Needless to say, if you would like to boost security and protect yourself from ransomware, it is very important to have the tamper protection feature activated on your machine.
How Does Tamper Protection Help?
The first thing most threat actors do during cyberattacks is to disable your security features to gain easier access to your data so they can install malware, carry out ransomware attacks, or exploit your data and devices in some shape or form. Hackers can also gain entry into your system via third-party software, especially when you are installing a new OS or software.
This is where tamper protection comes into play as it stops the criminals in their tracks. Tamper protection locks down the default settings for Microsoft Defender and ensures they are not changed during the installation process. These settings include:
Disabling virus and threat protection. Disabling real-time protection. Turning off behavior monitoring. Disabling antivirus. Disabling cloud-delivered protection. Removing security intelligence updates.
Keep in mind that most cybercriminals don’t give up after failed attempts and are always trying to conduct tampering attempts on our devices. With the tampering protection activated, whenever an attempt is detected, an alert is raised in the Microsoft 365 Defender portal.
How To Activate Tamper Protection in Windows Defender
Now that you know the reasons and benefits of having the tamper protection enabled, let’s learn how to activate it in Windows Defender.
Here’s how to turn on tamper protection:
Go to the Microsoft 365 Defender portal and sign in. Click on the Settings menu. Select Endpoints and then turn Tamper Protection On.
How to Stay Protected From Ransomware
The best defense against Ransomware is to mitigate it before it strikes since it’s mostly resistant to system resets and hard drive swaps.
Tamper protection not only prevents threat actors from turning off threat protection features such as your antivirus, but it also helps with generating responses to tampering attempts. If you are in the process of upgrading to Windows 11, tamper protectionis one of the most critical tools in your arsenal against ransomware.