# Windows 10 Tamper Protection Security Feature



## Johnny b (Nov 7, 2016)

Article on enhancing Win 10 security

Nifty new feature that comes with Win 10 1903

*How to Enable the Windows 10 Tamper Protection Security Feature *

https://www.bleepingcomputer.com/tu...indows-10-tamper-protection-security-feature/



> With the release of the Windows 10 May 2019 Update, Microsoft introduced a new security feature called Tamper Protection that protects security settings for Windows Defender antivirus from being disabled by malware or third-party programs.
> 
> When enabled, Tamper Protection will only allow Windows Defender related settings to be changed when done through the Windows Security settings screen. If a program, such as malware, or even PowerShell tries to change security settings or Microsoft Defender preferences, Tamper Protection will block the settings from being modified.
> 
> Due to this, Tamper Protection is an integral part of the Windows 10 security environment and should be enabled by all users for increased security and protection from malicious programs.


Directions follow in the article on how to enable.

edit: I just checked mine and found it was already enabled.


----------



## lunarlander (Sep 22, 2007)

I thought your Windows PC is offline only.


----------



## Johnny b (Nov 7, 2016)

lunarlander said:


> I thought your Windows PC is offline only.


My Win 7 Home computer that I use exclusively for finances, is used offline only.

I recently bought a refurbed computer that came with Win7 Pro.
I dual boot it with Puppy Linux (from a usb flash drive) and Win 10 pro ( a free install, courtesy of MS ) from a ssd. 
I'm using it as part of my living room entertainment center with a TV.
I've found OBS Studio on a Windows platform works better for me than capture programs on Puppy Linux because of sound issues.

I have others, also 
Like the one I'm posting from now ( not in my living room)


----------



## lunarlander (Sep 22, 2007)

Ha, I see. So you still do all your online activity using a Live CD ? 
Mind you, a Live CD may be running as root all the time. Not sure about Mint, but Ubuntu does, and thus an attacker can mount your sda and write to it.


----------



## Johnny b (Nov 7, 2016)

I've moved to USB flash (Kanguru)drives with a write switch, so nothing can be written to it while it's locked. Very effective.

As far as the Live CD/DVD Puppies, the media ( CD or DVD ) can be unmounted and removed immediately after boot, so effectively, nothing can be written back to the disc, either.
But they are simply slow to boot to a desktop.

However, sessions can be attacked and infected. Though, a reboot brings back a clean image.

With a usb flash drive, it's easy to reboot quickly before logging into a secure site ( banking or e-commerce) insuring you're starting with a pristine system.


----------



## lunarlander (Sep 22, 2007)

I might have used the wrong dev for mint, but what I meant was that the attacker can use the root privilege to mount the hard drive and write to it while you are online. Unless you physically disconnect the hard drive cables.


----------



## Johnny b (Nov 7, 2016)

Anything is possible depending on how and what a computer is used for.

The only computer I have online with a hard drive hooked up is the refurb for entertainment, dual booting Puppy and Win 10.

I haven't done it yet, but in the past, I set my sisters computer up with Windows on a hard drive inserted in a removable tray with an on/off switch that I got at Newegg. Less than $10.
It allowed her to boot Puppy ( edit) from a USB flash drive while the Windows drive is turned off, completely circumventing any access to that old and outdated Win XP install.

I have another tray kit, just haven't had the time to set it up for myself.



The computer I'm posting from is used for general Internet connectivity and secure sites ( e-commerce, etc ) and has no hard drive.

I've read there's no such thing as 100% security, but I think the way I'm set up/about to setup, is both effective and cost efficient.


----------



## lunarlander (Sep 22, 2007)

That's a good hardware solution. I didn't think of a hard drive tray with a switch.


----------

