How to Enable Tamper Protection in Windows 11

This guide explains how to use Tamper Protection to keep your Microsoft Defender antivirus settings safe on Windows 11. Tamper Protection in Windows Security stops harmful apps from changing your security settings, including real-time protection and cloud-delivered protection.

Why use Tamper Protection?

Malicious software often tries to turn off your antivirus to hide itself. Tamper Protection acts like a digital lock. It ensures that only you, the administrator, can change these important security settings. It is enabled by default on Windows 11 to provide immediate endpoint security configuration.

What happens when done?

Once enabled, your antivirus settings are locked. Even if a bad app tries to change them using Registry Editor, Windows commands or PowerShell, or Local Group Policy, the system will block the attempt. This prevents unauthorized security changes that could leave your PC vulnerable.

How to change Tamper Protection settings

Warning: You must have administrator privileges to follow these steps. Disabling this feature lowers your device security and is not recommended.

1. Click the search box on your taskbar and type Windows Security. Select it from the list.

2. Click on Virus & threat protection.

3. Under the Virus & threat protection settings section, click Manage settings.

4. Use the switch to turn Tamper Protection to On or Off.

Enterprise and Advanced Management

For enterprise environments, administrators can manage these settings via Microsoft Intune or Group Policy Object (GPO). If you are using Microsoft Defender for Endpoint, these settings are often managed centrally to ensure consistent security across all company devices. Registry keys for Defender are protected at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features.

Troubleshooting Common Errors

If your settings are greyed out, it usually means your organization manages them via GPO or Intune. Tamper Protection does not prevent you from adding file exclusions, but it does prevent malicious scripts from modifying the exclusion list. If you suspect a legitimate change is being blocked, check the Windows Security event logs.

Can I disable Tamper Protection if I am an administrator?

Yes, as an administrator, you can toggle the switch in the Windows Security app. However, if your device is managed by an organization through Microsoft Intune or Group Policy, the option may be greyed out, requiring you to contact your IT department to change the configuration.

Summary

Tamper Protection is a vital layer of defense in Windows 11. It prevents unauthorized apps from disabling your antivirus. By keeping this feature active, you protect your system from malicious changes. You can manage this setting through the Windows Security app or via enterprise tools like Microsoft Intune.