Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

10/14/2019
03:00 PM
50%
50%

Tamper Protection Arrives for Microsoft Defender ATP

The feature, designed to block unauthorized changes to security features, is now generally available.

Microsoft today announced the general availability of tamper protection for Defender ATP customers, following a preview period among members of the Windows Insider community.

Temper protection is meant to block unauthorized changes to device security settings and help users mitigate malware and other threats that try to disable security features. Some of the services protected from these changes include cloud-delivered protection, behavior monitoring, security intelligence updates, IE Downloads and Outlook Express Attachments initiated (IOAV), and real-time protection, which is the core antimalware scanning component of Defender ATP.

Like other endpoint security settings, tamper protection can be deployed and managed via Microsoft Intune. Admins can enable the feature for specific device and user groups or for the entire organization. For this release, any changes to the tamper protection state may only be made through Intune and not through any other methods such as group policy, registry key, or WMI. 

When an admin enables a policy in Intune, the tamper protection policy is digitally signed on the back end before it's delivered to endpoints. Each endpoint verifies the validity of the policy, ensuring it's a signed package only personnel within Microsoft Intune have rights to control. If a third party tries to tamper with an endpoint, admins get an alert in Defender's Security Center.

Home users will see tamper protection enabled by default. Microsoft is gradually enabling the feature, so some users will begin to see the new "tamper protection" setting on their devices.

Read more details here.

This free, all-day online conference offers a look at the latest tools, strategies, and best practices for protecting your organization’s most sensitive data. Click for more information and, to register, here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5329
PUBLISHED: 2021-07-29
Dell EMC Avamar Server contains an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.
CVE-2020-5353
PUBLISHED: 2021-07-29
The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administ...
CVE-2021-21538
PUBLISHED: 2021-07-29
Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console.
CVE-2021-21546
PUBLISHED: 2021-07-29
Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially exploit this vulnerability to read plain-text credentials from server log files.
CVE-2021-20505
PUBLISHED: 2021-07-29
The PowerVM Logical Partition Mobility(LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. If an attacker has the ability to capture encrypted LPM network traffic and is able to gain service access to the FSP they can use this information to...