Forum Discussion
somedude1020
Dec 28, 2023Copper Contributor
Tamper Protection Disabled - This settings is managed by your administrator
After changing Antivirus (SentinelOne has been uninstalled) to using only Microsoft Defender with Huntress half of my devices have tamper protection disabled. I cannot enable it via the Security app...
somedude1020
Dec 28, 2023Copper Contributor
correct
rahuljindal-MVP
Dec 28, 2023Bronze Contributor
Is this applicable to you? https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-tamper-protection-microsoft-365-defender?view=o365-worldwide
- zenodjJan 02, 2024Copper ContributorHello Somedude1020
can you also try to take one client and try to offboard and onboard again?
thanks - somedude1020Dec 29, 2023Copper ContributorThanks, I will give that a try
- rahuljindal-MVPDec 28, 2023Bronze ContributorI haven’t tried this, but you can use a third party utility like setacl to give full control to administrators or the account you want to run your script under to modify the registry. This may be of some help - https://rahuljindalmyit.blogspot.com/2021/08/fixing-dma-requirement-for-silent-and.html
- somedude1020Dec 28, 2023Copper ContributorI have and it does not work, using Endpoint Central, runs a system. I have tired advancedRun to see if running as system user or trusedinstaller which also does not work. I have tried to take ownership of tamper protection HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features, access denied, I have tried taken ownship of tamper protection HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender, same err access denied, all as administrator
- rahuljindal-MVPDec 28, 2023Bronze ContributorQuite a pickle. Any way for you to push down a script to modify the registry to enable TP?
- somedude1020Dec 28, 2023Copper ContributorDevices with TP enabled do NOT show the administratively managed.
Devices vary Win 10 (22h2)-11. I am still trying to figure out this. Nothing is different that i have found thus far other than the regkey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features tamperprotection. Devices that have the message have a value of 0, where TP is good the value is 5
There are no SentinelOne policies in place. SentenelOne does not showup in REG. - rahuljindal-MVPDec 28, 2023Bronze ContributorI have got some more questions -
1.The devices where Tamper protection is enabled, are they also showing as administratively managed?
2. What is different between these devices?
3. Is sentinelone removed all the way on devices in question?
4. Are there any sentinelone policies that may still be applicable on the devices in question?
If you have already checked for all the above already, then I guess opening a support case with Sentinelone and\or Microsoft will be the next logical step. - somedude1020Dec 28, 2023Copper ContributorWe have a 365 Tenant, but we are not using Intune, Defender Portal. All my users are Office E3. We use Office\Sharepoint\Onedrive for the most part.