Microsoft wants to protect Windows corporate customers better against ransomware by default

In order to prevent attacks from encryption Trojans, Microsoft’s manipulation protection should now automatically protect security settings.

So far, security features under Windows in the context of Microsoft Defender for Endpoint (MDE) for corporate customers have not always been automatically protected against manipulation. That should change now.

As can be seen from an article, Microsoft now wants to activate its manipulation protection (tamper protection) for corporate customers by default for existing installations as well. Since last year, this has only been the case for new installations for customers with a Defender for Endpoint 2 or Microsoft 365 E5 license.

Admins should receive a corresponding message that the function will be activated automatically 30 days after receiving the notification. If you do not want this, you can opt-out of tamper protection in the advanced endpoint settings at security.microsoft.com.

However, deactivation is not recommended, after all, the protection mechanism gets in the way, among other things, of malicious code that wants to deactivate security settings such as virus scanners in order to spread unhindered in systems. Microsoft does not explain in detail how this works in the article.

Tamper Protection should also ensure the operation of Defender components such as IOffceAntivirus (IOAV) for detecting documents contaminated with malicious code from the Internet. Such documents, usually sent by email, are still the most common way attackers use to spread ransomware.

Admins should therefore ensure that manipulation protection is ideally already activated and applies to the entire company.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s