MDE tamper protection notification triggered by svchost.exe

A

AG-Astar

We have been seeing continuous event in Defender timeline that something is trying to Tampering Defender but enable to identify what actually causing this?Below are the events timeline:svchost.exe set registry value for key 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender' svchost.exe set registry value 'DisableAntiSpyware' for key 'SOFTWARE\Policies\Microsoft\Windows Defender' svchost.exe attempted to turn off the Microsoft Defender Antivirus security feature DisableAntiSpyware Looking for assistance on how this can be identified?Thank you

Continue reading...
 
You must log in or register to reply here.

Similar threads

T
Cannot enable Tamper Protection as it is "managed by your administrator"
Replies
0
Views
33
Thomas Cai
T
J
Virus and Threat protection page not available
Replies
0
Views
108
jitenkatoch
J
R
Windows Server 2025 Secured-core Server
Replies
0
Views
36
RoySasabe
R
O
This setting is managed by your administrator
Replies
0
Views
103
OdinHerjan
O
B
  • Article
Announcing Windows 11 Insider Preview Build 22621.1972 and 22631.1972
Replies
0
Views
146
Brandon LeBlanc
B
Back
Top Bottom