Defender Manager and Microsoft Defender Tamper Protection

This article describes what the Defender Manager App can and cannot manage when Microsoft Defender has Tamper Protection enabled.

On Windows 10 build 1709 and higher, Microsoft introduced a new feature for Microsoft Defender called Tamper Protection. Tamper Protection was designed to prevent attackers from disabling Defender protection. It also prevents the RocketAgent from managing certain settings related to Microsoft Defender.

The table below outlines settings that RocketAgent cannot manage when Tamper Protection is enabled.

| Category | Setting | Description |
|---|---|---|
| General | Enable Windows Defender | The master switch for enabling Windows Defender on a device. The default value is set to No, which allows you to switch Defender on when you are ready. Once Defender is enabled on the device, you will not be able to disable it using the Defender Manager with Tamper Protection enabled. |
| Realtime Protection | Real-time Monitoring | Enables and disables the real-time monitoring component for Microsoft Defender. Defender Manager can enable this setting but cannot disable it with Tamper Protection enabled. |
| Realtime Protection | Behavioral Monitoring | Enables and disables the behavioral monitoring component for Microsoft Defender. Defender Manager can enable this setting but cannot disable it with Tamper Protection enabled. |
| Realtime Protection | Scan All Downloaded Files and Attachments | Enables and disables scanning of all files downloaded via IE/Edge browsers. Defender Manager can enable this setting but cannot disable it with Tamper Protection enabled. |
| Realtime Protection | Script Scanning | Enables and disables scanning of scripts for malicious content before execution. Defender Manager can enable this setting but cannot disable it with Tamper Protection enabled. |
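
To see how the table applies to a particular device, the following read-only PowerShell check reports whether Tamper Protection is on and the current state of each listed setting. It is an added example, not part of the Defender Manager App or RocketAgent; the mapping from the table's setting names to the properties of the built-in Get-MpComputerStatus and Get-MpPreference cmdlets is an assumption made for this example.

```powershell
# Added example: read-only audit of the settings listed in the table.
# Uses only the built-in Defender cmdlets; nothing on the device is changed.
# Assumption: the table's setting names correspond to the properties below.

$status = Get-MpComputerStatus   # effective protection state
$pref   = Get-MpPreference       # configured preferences

# Table setting name -> whether it is currently enabled on this device
$settings = [ordered]@{
    'Enable Windows Defender'                   = [bool]$status.AntivirusEnabled
    'Real-time Monitoring'                      = [bool]$status.RealTimeProtectionEnabled
    'Behavioral Monitoring'                     = [bool]$status.BehaviorMonitorEnabled
    'Scan All Downloaded Files and Attachments' = [bool]$status.IoavProtectionEnabled
    'Script Scanning'                           = (-not $pref.DisableScriptScanning)
}

$tamper = [bool]$status.IsTamperProtected
Write-Output "Tamper Protection enabled: $tamper"

$report = foreach ($name in $settings.Keys) {
    $enabled = $settings[$name]

    # Per the table: a disabled setting can still be switched on, but an
    # enabled setting cannot be switched off while Tamper Protection is on.
    $action = if (-not $enabled) {
        'Can be enabled'
    } elseif ($tamper) {
        'Cannot be disabled (Tamper Protection)'
    } else {
        'Not restricted by Tamper Protection'
    }

    [pscustomobject]@{
        Setting          = $name
        Enabled          = $enabled
        ManagementAction = $action
    }
}

$report | Format-Table -AutoSize
```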
   

 

Microsoft Defender Tamper Protection Details

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection