This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 9%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPS%3C/text%3E%3C/svg%3E)
Hi, I am unable to change a registry key value to disable Tamper protection in Windows, getting an "access denied" error.
The registry key is: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Features\TamperProtection"
I have tried to change the ownership, but I am still getting an "Access denied" error if I try to take full control of the key.
Hi,
Thank you for your reply.
The OS version is 2004. The build is 19041.928.
I have also tried OS version 20H2.
I was trying to modify the registry key via registry editor (In administrator mode).
I have followed the steps provided but was not able to take ownership of the registry key.
It gives the following error:
Thank you for your quick confirmation.
I was doing this because I wanted to run windows defender scans programmatically.
Users should have options to choose actions for infected files like quarantine or remove or report only.
Hence relevant registry values have been modified through code:
"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction"
But then later I understood that this Tamper Protection is ignoring the changes made for that reg entry.
Can you suggest something over this?
Because users won't be able to modify the things manually from GUI and intune also not a proper fit here.
Hi PrachiSharma,
I also used a 21H1 machine to do a test and found the same behavior. According to our test results, it seems we really cannot change the key through the registry or PowerShell and we can only use Intune to change it in bulk.
The Feedback Hub app lets you tell Microsoft about any problems you run in to while using Windows 10. You may report this to Microsoft directly with the Feedback Hub app.
For more information on using the app, click here:
Hi,
Thank you for the information.
If Tamper protection key cannot be changed through registry or Powershell, Can you please suggest a way to modify
ThreatSeverityDefaultAction key without Tamper protection ignoring the changes?
The registry key is:
"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatSeverityDefaultAction"
As far as I know, tamper protection prevents your security settings from being changed through Registry Editor or PowerShell. So we still cannot bypass Tamper protection.
However, I will do more research and find whether there is any workaround.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 46%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
They turned it on automatically with updates, locked it down, and put it behind a paywall.
Hi ,
Before we go further, I would like to confirm the following questions:
1.What's the OS version of your windows 10? 1909 or 20H2?
2.How did you modify the registry key? Via PowerShell or Registry Editor?
3.Have you taken ownership the key and give the account full control permission?
In my lab(OS version is 1909), I have gain full permission to edit registry key and it works fine. As picture below:
Best Regards,
Candy
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi ,
Thanks for clarify more details.
I have tested in my lab with 20H2 OS version and found the same error message: Unable to set new owner on Features. Access is denied.
Based on my research, it seems that for newer windows 10 OS version (e.g. 2004 and later), we need to manually change it or use Intune to change it in bulk.
For your reference:
How do you enable Tamper Protection via powershell / cmd / registry?
How can I turn tamper protection on/off?
Best Regards,
Candy
--------------------------------------------------------------
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 23%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Try the same in Safe mode.