Programmatically disable Tamper Protection

H

hobart_symms

New Member
Maybe someone here has figured this out. Is there a way to disable Tamper Protect in the image so I don't have to log into every system to manually disable it? Moving from 1809 to 21H2 has been a whole lotta "no fun".
 
Integrate this reg file into install.wim:
Code: 
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features]
"TamperProtection"=dword:00000000

You can reg import the same file on existing systems, and reboot.
 
Last edited:
Actually tamper protecion is 4 when its disabled and 5 when enabled. what is 0 for?

also I think it can't be changed on live system and any change at iso level is reverted on first logon.
 
We've discussed this before:
https://www.ntlite.com/community/in...-disabled-settings-bug-in-w11.2539/post-22153

Windows defaults to 0 or 1, but if you have Cloud Protection present it adds 4 to the value.
0 = Tamper Protection off, no Cloud Protection
1 = Tamper Protection on, no Cloud Protection
4 = Tamper Protection off, Cloud Protection off
5 = Tamper Protection on, Cloud Protection on

Why do you think it can't be changed live? It requires a reboot to take effect. While Tamper Protection is enabled, OTHER Defender settings cannot be modified -- which is why it's protecting those reg keys.
 
OK. I got part of this wrong, you can't make a registry change on a live system -- you're only allowed to change it from Security Center UI.
 
It works on a live system, if you managed to stop WinDefend service
NSudo (or similar tools) is required to overcome registry permissions
 
You must log in or register to reply here.
Back
Top