Forum Discussion

somedude1020's avatar
somedude1020
Copper Contributor
Dec 28, 2023

Tamper Protection Disabled - This settings is managed by your administrator

After changing Antivirus (SentinelOne has been uninstalled) to using only Microsoft Defender with Huntress half of my devices have tamper protection disabled.  I cannot enable it via the Security app...
somedude1020's avatar
somedude1020
Copper Contributor
Dec 28, 2023
Devices with TP enabled do NOT show the administratively managed.
Devices vary Win 10 (22h2)-11. I am still trying to figure out this. Nothing is different that i have found thus far other than the regkey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features tamperprotection. Devices that have the message have a value of 0, where TP is good the value is 5

There are no SentinelOne policies in place. SentenelOne does not showup in REG.
rahuljindal's avatar
rahuljindal
Bronze Contributor
Dec 28, 2023
Quite a pickle. Any way for you to push down a script to modify the registry to enable TP?
  • zenodj's avatar
    zenodj
    MCT
    Jan 02, 2024
    Hello Somedude1020
    can you also try to take one client and try to offboard and onboard again?
    thanks
  • somedude1020's avatar
    somedude1020
    Copper Contributor
    Dec 29, 2023
    Thanks, I will give that a try
  • somedude1020's avatar
    somedude1020
    Copper Contributor
    Dec 28, 2023
    I have and it does not work, using Endpoint Central, runs a system. I have tired advancedRun to see if running as system user or trusedinstaller which also does not work. I have tried to take ownership of tamper protection HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features, access denied, I have tried taken ownship of tamper protection HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender, same err access denied, all as administrator