MDE tamper protection notification triggered by svchost.exe

A

AG-Astar

We have been seeing continuous event in Defender timeline that something is trying to Tampering Defender but enable to identify what actually causing this?Below are the events timeline:svchost.exe set registry value for key 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender' svchost.exe set registry value 'DisableAntiSpyware' for key 'SOFTWARE\Policies\Microsoft\Windows Defender' svchost.exe attempted to turn off the Microsoft Defender Antivirus security feature DisableAntiSpyware Looking for assistance on how this can be identified?Thank you

Continue reading...
 
You must log in or register to reply here.

Similar threads

A
Messed up the registry
Replies
0
Views
26
AmanVerma_
A
K
Enable Tamper Protection via command
Replies
0
Views
23
KenKenAM
K
T
Cannot enable Tamper Protection as it is "managed by your administrator"
Replies
0
Views
52
Thomas Cai
T
J
Virus and Threat protection page not available
Replies
0
Views
126
jitenkatoch
J
R
Windows Server 2025 Secured-core Server
Replies
0
Views
54
RoySasabe
R
Back
Top Bottom