product icon

How to Manage Real-Time Protection when Tamper Protection is Enabled?

    Windows Tamper Protection prevents apps from changing the built-in Microsoft antivirus settings, including real-time protection. When Tamper Protection is enabled, you cannot manage real-time protection in Central. You must turn off Tamper Protection on the host first.

    Real-Time Protection. Tamper Protection. What's the difference?

    Real-time protection is the built-in Windows antivirus solution that comes pre-deployed with Windows. Central allows you to manage the antivirus software on your hosts, whether it is the built-in solution or a third-party application.

    Tamper Protection is another built-in Windows feature that was designed to block third-party software, like Central, from changing sensitive Windows system settings, such as the host's antivirus settings. When tamper protection is enabled on a Windows host, you cannot use Central to manage the host's bult-in antivirus software, that is, Windows real-time protection.

    Okay, but then how do I manage a host's antivirus software with Tamper Protection enabled?

    When a host uses Real-Time Protection as an antivirus solution, you simply don't. When Tamper Protection is enabled, Windows does not allow Central to enable Real-Time Protection.

    However, when a host uses a third-party antivirus software and you want to manage that with Central, then the Tamper Protection setting of the host is irrelevant. Again, Tamper Protection blocks third-party apps from changing Windows security settings only, but it allows you to change other third-party apps.

    What do the different Tamper Protection statuses mean?

    In Central, the Tamper status column, on the Antivirus > Manage page shows you whether Tamper Protection is enabled on the host.
    • green lock - Tamper Protection is enabled on the host. Central cannot enable real-time protection on that host.
    • red lock - Tamper Protection is disabled on the host. Central can manage real-time protection settings on that host.
    • gray lock - Tamper Protection status is unknown or irrelevant. This means that a third-party antivirus software is installed on the host, therefore Tamper Protection has no effect on the host's antivirus settings.
      Note: For those computers that do not have the latest host version installed, Tamper Protection status is always unknown.
    Tip: You can also view the Tamper Protection status of a host on the Computer Properties page:
    Article last updated: 11 October, 2022