Hi there,
I suppose you cannot prevent the files from restoring , instead you can restrict Assign user access to Microsoft Defender Security Center.
Defender for Endpoint supports two ways to manage permissions:
Basic permissions management: Set permissions to either full access or read-only.
Role-based access control (RBAC): Set granular permissions by defining roles, assigning Azure AD user groups to the roles, and granting the user groups access to device groups.
Assign user access to Microsoft Defender Security Center
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/assign-portal-access?view=o365-worldwide
Manage portal access using role-based access control
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/rbac?view=o365-worldwide
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept it as an answer--