O Windows 10 comes with a native antivirus called Windows Defender: it is not the most effective on the market, but it can be enough if you are careful about the files you run on your PC. From now on, it will be more secure: Microsoft is enabling the default Breach Protection, which prevents malware from disabling it.
Microsoft confirms to the Bleeping Computer that will activate Tamper Protection on all PCs with Windows 10 May 2019 Update or later. It may take a few days, but this will become standard on computers with these versions of the system.
The feature, released in the May 2019 update, requires that any changes to the functioning of Windows Defender be made only through the Windows Security application. For companies, it is also possible to use enterprise management software such as Microsoft Intune.
You will not be able to make adjustments through Registry edits, PowerShell scripts, or group policies. This means that when malware tries to disable Windows Defender through malicious code, it will be stopped. This should prevent the activity of some recent Trojans, such as TrickBot, GootKit and Nodersok.
How to Enable Breach Protection in Windows 10
To manually activate Tamper Protection, do the following:
- open the start menu, type it “safety” and click Windows Security;
- in the window that opens, click Protection against viruses and threats on the left side;
- in the section Virus and threat protection settings, click in Manage settings;
- Scroll down the list to find the option Breach Protection.
You will still be able to disable Tamper Protection, but this is not recommended. Please note that, if you install another antivirus, Windows Defender will be disabled to avoid conflicts; in this case, the security settings of the program you install will apply.