Forum Discussion
Turning Off Tamper Protection on Workstations
- Dec 25, 2025
Hi David Owens,
This is expected on Windows 11. Tamper Protection prevents registry, GPO, and PowerShell changes, so the usual methods to disable Defender won’t work. It can only be turned off manually in Windows Security or centrally via Microsoft Defender for Endpoint.
With a 3rd-party AV, Defender goes into Passive Mode, not fully disabled - some scanning (network, AMSI, behavior monitoring) still runs, which can affect performance. Also, client-side UNC/network path exclusions aren’t reliable; Microsoft best practice is to set exclusions on the file servers.
Thanks AladinH. That's what I figured was happening.
How do I set exclusions on the file shares? If I could do that, I think that would fix the slowness issue on all workstations. As I understand it, even as Domain Administrator any file share exclusions I set on workstations will be ignored due to Tamper Protection?
It looks like the only thing I can do is set up Microsoft Defender for Business and then set network drive exclusions centrally for all workstations by using a GPO?
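To confirm on a given workstation which of the states described in this thread applies (Tamper Protection on, Defender in Passive Mode, components still running, client-side network path exclusions present), the following read-only check is an added example, not code from either poster. It uses the built-in `Get-MpComputerStatus` and `Get-MpPreference` cmdlets; the function name `Get-DefenderStateReport` is hypothetical, and it assumes an elevated session, since exclusions are hidden from non-administrators.

```powershell
# Added example: read-only report of Microsoft Defender state on one workstation.
# Assumes an elevated PowerShell session and the built-in Defender module.
# Get-DefenderStateReport is a hypothetical name chosen for this example.
function Get-DefenderStateReport {
    [CmdletBinding()]
    param()

    $status = Get-MpComputerStatus -ErrorAction Stop
    $prefs  = Get-MpPreference -ErrorAction Stop

    # Drive letters that are mapped network drives (DriveType 4) in this session.
    $mapped = @(Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 4' |
                ForEach-Object { $_.DeviceID })

    # Client-side exclusions that point at a UNC path or a mapped drive.
    $networkExclusions = @($prefs.ExclusionPath | Where-Object {
        $p = $_
        $p -and (
            $p.StartsWith('\\') -or
            ($mapped | Where-Object { $p.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
        )
    })

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        RunningMode            = $status.AMRunningMode          # e.g. Normal, Passive Mode
        PassiveMode            = $status.AMRunningMode -like '*Passive*'
        TamperProtected        = $status.IsTamperProtected
        TamperProtectionSource = $status.TamperProtectionSource # may be empty on older builds
        RealTimeProtection     = $status.RealTimeProtectionEnabled
        BehaviorMonitor        = $status.BehaviorMonitorEnabled
        NetworkInspection      = $status.NISEnabled
        NetworkPathExclusions  = $networkExclusions -join '; '
    }
}

Get-DefenderStateReport | Format-List
```

Mapped drives created in a non-elevated logon may not be visible from the elevated session, so UNC-form exclusions are the more reliable signal in `NetworkPathExclusions`.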