MDE tamper protection notification triggered by svchost.exe

A

AG-Astar

We have been seeing continuous event in Defender timeline that something is trying to Tampering Defender but enable to identify what actually causing this?Below are the events timeline:svchost.exe set registry value for key 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender' svchost.exe set registry value 'DisableAntiSpyware' for key 'SOFTWARE\Policies\Microsoft\Windows Defender' svchost.exe attempted to turn off the Microsoft Defender Antivirus security feature DisableAntiSpyware Looking for assistance on how this can be identified?Thank you

Continue reading...
 
You must log in or register to reply here.

Similar threads

A
Messed up the registry
Replies
0
Views
21
AmanVerma_
A
T
Cannot enable Tamper Protection as it is "managed by your administrator"
Replies
0
Views
47
Thomas Cai
T
J
Virus and Threat protection page not available
Replies
0
Views
120
jitenkatoch
J
R
Windows Server 2025 Secured-core Server
Replies
0
Views
48
RoySasabe
R
O
This setting is managed by your administrator
Replies
0
Views
113
OdinHerjan
O
Back
Top Bottom