Win10-Initial-Setup-Script
Defender tamper protection
1903 added the Tamper Protection feature to Windows Defender. This basically blocks all attempts to modify the Defender-related registry, unless you're doing it as the TrustedInstaller user.
By default, the protection seems to be disabled, but nags with a warning. The scope of this issue is either:
- Find how to disable the warning (preferred)
or
- Enable tamper protection but find how to do the modifications in other defender-related tweaks, either via `Set-MpPreference` cmdlet or directly as TrustedInstaller (this theoretically should not be possible, but where there's a will, there's a way)
There is a related setting under `HKLM:\SOFTWARE\Microsoft\Windows Defender\Features`, but manually dismissing the warning doesn't seem to change anything anywhere in the registry, so there may be something else in the SQLite databases under `C:\ProgramData\Microsoft\Windows Defender`.
Perhaps the `TamperProtection` key in `HKLM\SOFTWARE\Microsoft\Windows Defender\Features` might be something that is only honored during the initial install of the OS, similar to the `ShippedWithReserves` key for the Reserved Storage feature?