Tamper Protection Disabled - This settings is managed by your administrator

After changing antivirus (SentinelOne has been uninstalled) to using only Microsoft Defender with Huntress, half of my devices have Tamper Protection disabled. I cannot enable it via the Security app due to "This settings is managed by your administrator". The regkey TamperProtection has a value of 0, which I am not able to change due to an access rights error. I cannot take ownership of the same key; I get the same access denied error. There is no other AV on the devices. I have reset\repaired the Security app with zero luck. I do not have Intune or SCCM, I have Endpoint Manager. How do I enable Tamper Protection on these devices?

15 Replies
If it is still showing administratively managed then there must be a policy enforced to manage it. How are you managing the devices?
There is no policy managing it. I use Endpoint Central.
That doesn’t sound right to me. By the look of things you clearly have some sort of security policies applied. Have you tried running rsop to capture the report on enforced policies?
Yes. There is no policy. All of defender is fine except for tamper protection. This is happening on half my devices, all getting the same policies.
This has got me intrigued. So the rsop is showing not configured against all Defender settings?
We have a 365 tenant, but we are not using Intune or the Defender Portal. All my users are Office E3. We use Office\SharePoint\OneDrive for the most part.
I have some more questions:
1. The devices where Tamper Protection is enabled, are they also showing as administratively managed?
2. What is different between these devices?
3. Is SentinelOne removed all the way on the devices in question?
4. Are there any SentinelOne policies that may still be applicable on the devices in question?

If you have already checked all of the above, then I guess opening a support case with SentinelOne and\or Microsoft will be the next logical step.
Devices with TP enabled do NOT show the administratively managed message.
Devices vary from Win 10 (22H2) to 11. I am still trying to figure this out. Nothing is different that I have found thus far other than the regkey HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features\TamperProtection. Devices that have the message have a value of 0; where TP is good the value is 5.

There are no SentinelOne policies in place. SentinelOne does not show up in the registry.
Quite a pickle. Any way for you to push down a script to modify the registry to enable TP?
I have, and it does not work. Using Endpoint Central, it runs as SYSTEM. I have tried AdvancedRun to see if running as the SYSTEM user or TrustedInstaller helps, which also does not work. I have tried to take ownership of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features: access denied. I have tried taking ownership of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender: same error, access denied, all as administrator.
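A read-only diagnostic that collects, in one pass, the state the thread has been comparing by hand: the TamperProtection value under the Features key, what Defender itself reports for Tamper Protection, whether the device is onboarded to Defender for Endpoint, whether any Defender policy values exist, whether Defender is running in passive mode (a leftover from a previous AV), and who actually holds Full Control on the Features key. This is an added example, not a script posted in the thread or shipped by Microsoft, Huntress or ManageEngine. The meaning of TamperProtection 5 (on) and 4 (off) is Microsoft's documented one; 0 is simply what the affected devices show. The meaning of TamperProtectionSource and ManagedDefenderProductType is not defined by the thread, so they are reported as raw values only. Run it elevated on one "0" device and one "5" device and diff the output:

```powershell
# Added diagnostic example (not from the thread). Read-only: nothing is written,
# so it can be pushed through an RMM (running as SYSTEM) to both device groups.

function Get-RegValueSafe {
    param([string]$Path, [string]$Name)
    try {
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
    } catch {
        $null   # key or value absent, or access denied
    }
}

$features = 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Features'
$defender = 'HKLM:\SOFTWARE\Microsoft\Windows Defender'
$policies = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$mde      = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'

$status = Get-MpComputerStatus

$report = [ordered]@{
    ComputerName           = $env:COMPUTERNAME
    # Documented: 5 = Tamper Protection on, 4 = off. The thread's affected devices show 0.
    TamperProtection       = Get-RegValueSafe $features 'TamperProtection'
    # Reported raw; the thread does not define its values (assumption: present only on managed devices).
    TamperProtectionSource = Get-RegValueSafe $features 'TamperProtectionSource'
    # What the Defender engine itself reports, independent of the registry value.
    IsTamperProtected      = $status.IsTamperProtected
    # Reported raw; set when Defender settings are managed by Intune/MDE (meaning of values is an assumption).
    ManagedProductType     = Get-RegValueSafe $defender 'ManagedDefenderProductType'
    # 1 = onboarded to Microsoft Defender for Endpoint; $null = never onboarded.
    MdeOnboardingState     = Get-RegValueSafe $mde 'OnboardingState'
    SenseService           = (Get-Service -Name Sense -ErrorAction SilentlyContinue).Status
    # Any value under the Policies hive means a GPO/MDM policy is touching Defender,
    # even though Tamper Protection itself is not configurable through Group Policy.
    PolicyValuesPresent    = @(Get-Item -Path $policies -ErrorAction SilentlyContinue |
                               ForEach-Object { $_.GetValueNames() }).Count
    # 'Normal' is expected once the third-party AV is gone; 'Passive Mode' means
    # Windows still believes another AV is registered.
    AMRunningMode          = $status.AMRunningMode
    RealTimeProtection     = $status.RealTimeProtectionEnabled
    AntivirusSignatureVer  = $status.AntivirusSignatureVersion
}

# Who may write the Features key: explains the access-denied seen when changing the value.
$acl = Get-Acl -Path $features -ErrorAction SilentlyContinue
$report['FeaturesKeyOwner'] = $acl.Owner
$report['FeaturesKeyFullControl'] = ($acl.Access |
    Where-Object { $_.RegistryRights -match 'FullControl' -and $_.AccessControlType -eq 'Allow' } |
    ForEach-Object { $_.IdentityReference.Value }) -join '; '

[pscustomobject]$report | Format-List
```

The useful signal is the difference between the two groups, not any single field: a device that shows MdeOnboardingState 1 or a running Sense service has been onboarded to Defender for Endpoint at some point even if the tenant is not consciously using the Defender portal, and AMRunningMode other than Normal means the SentinelOne removal left an AV registration behind. Both are conditions under which Defender reports Tamper Protection as managed rather than locally controlled.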
I haven’t tried this, but you can use a third-party utility like SetACL to give full control to Administrators or the account you want to run your script under to modify the registry. This may be of some help: https://rahuljindalmyit.blogspot.com/2021/08/fixing-dma-requirement-for-silent-and.html
Thanks, I will give that a try
Hello Somedude1020,
Can you also take one client and try to offboard and onboard it again?
Thanks