Skip to main content

Disable Tamper Protection

Apply Now
Works with Windows 10 and 11Works with Windows Vista, XP, 7, 8, 10, 11, and Windows Server 2008 or newer.
  • Windows onlyThis script improves your privacy on Windows
  • Single actionThis page belongs to a script, containing basic changes to achieve a task.
  • Impact: High

    System Functionality / Data Loss Risk: High

    This action improves privacy with high impact when you run the recommended script.

  • Batch (batchfile)These changes use Windows system commands to update your settings.
  • Administrator rights requiredThis script requires privilege access to do the system changes
  • Fully reversible

    You can fully restore this action (revert back to the original behavior) using this website.

    The restore/revert methods provided here can help you fix issues.

Overview

This script disables the Tamper Protection feature.

Tamper Protection is a security feature that blocks unauthorized changes to key Defender Antivirus settings 1 2. These settings include real-time protection 1 2, behavior monitoring 2, and cloud-delivered protection 1. By default, Tamper Protection is enabled 1. It is available in all editions of Windows since Windows 10, version 1903 3.

Disabling Tamper Protection may increase privacy and control over your system by allowing you to:

  • Change protected Defender Antivirus settings to enhance privacy 1 3
  • Disable Defender Antivirus entirely 1 3 to increase privacy
  • Improve system performance by adjusting or disabling certain security features

However, turning off Tamper Protection may reduce your system's security by:

  • Making your device more vulnerable to malware that attempts to disable security features
  • Allowing potentially harmful changes to important security settings

With Tamper Protection enabled, users can modify protected settings through the Windows Security app 1. Disabling Tamper Protection allows changes through scripts and third-party apps such as privacy.sexy 1.

Technical Details

This script modifies the following registry keys:

  • HKLM\SOFTWARE\Microsoft\Windows Defender\Features!TamperProtection 4 5 6.
  • HKLM\SOFTWARE\Microsoft\Windows Defender\Features!TamperProtectionSource 7

These keys interact with the MpClient.dll library within Defender Antivirus 8. The script sets values to replicate changes made through the Windows Security interface 5.

Tests reveal the following values for various Windows versions:

KeyOpearting SystemDefaultAfter toggling ONAfter toggling OFF
TamperProtectionWindows 10 Pro (>= 22H2)15 4 64 4 6 7
TamperProtectionWindows 11 Pro (>= 23H2)15 4 54 4 5
TamperProtectionSourceWindows 10 Pro (>= 22H2)No valueNo valueNo value (Or 2 7)
TamperProtectionSourceWindows 11 Pro (>= 23H2)522

TamperProtectionSource value 2 means that the Tamper Protection is based on signatures. Other recorded values in various installations include ATP 9, Service Init 10, Intune 11, and E5 transition 12. However, these values lack official public documentation 13.

To check the current Tamper Protection source, use this command:

wmic /namespace:\\root\microsoft\windows\defender path MSFT_MpComputerStatus get /format:list | findstr "TamperProtectionSource"

Or this PowerShell command:

Get-MpComputerStatus | Select-Object -ExpandProperty TamperProtectionSource
  1. Not Advised

    This script should only be used by advanced users.

    This script is not recommended for daily use as it breaks important functionality.

    Consider creating a system restore point before doing any changes.

  2. Security Trade-off

    This action prioritizes privacy over certain security features. It's not recommended and should only be used by advanced users after understanding its implications.

    Increased Privacy

    Enhanced privacy through reduced data collection and tracking

    Decreased Security

    Some security features will be disabled or limited

    This script can be reversed, this action allows you to can restore the system security.

Sources
PrivacyLearn.com maintains strict sourcing standards for accuracy, integrity and up-to-date content. Our content relies on authoritative sources including vendor documentation, industry standards, and verified research. Learn more about our verification process and quality standards in our editorial standards page.

Apply Now

Choose one of three ways to apply:

Download script

Download and run the script directly
  • No app needed
  • Offline usage
  • Easy-to-apply
  • Free
  • Open-source
Help

How to apply or restore "Disable Tamper Protection" using script

  • ≈ 2 min to complete
  • Tools: Web Browser
  • Difficulty: Simple
  • ≈ 5 instructions
  1. 1

    Download

    Download the script file by clicking on the   Apply protection  button above.
    Use   Undo protection button above to restore changes.
  2. 2

    Keep the file

    If warned by your browser, keep the file.
  3. 3

    Open

    Open the downloaded file.
  4. 4

    Exit

    Once it's done, press any key to exit the window.
  5. 5

    Restart

    Restart your computer for all changes to take effect.

Apply with privacy.sexy

Guided, automated application with safety checks
  • Recommended for most users
  • Includes safety checks
  • Free
  • Open-source
  • Popular
  • Offline/Online usage
Open privacy.sexy
Help

How to apply or restore "Disable Tamper Protection" using privacy.sexy

  • ≈ 3 min to complete
  • Tools: privacy.sexy
  • Difficulty: Simple
  • ≈ 4 instructions
privacy.sexy is free and open-source application that lets securely apply this action easily with more advanced options.
  1. 1

    Open or download

    Open or download the desktop application
  2. 2

    Choose script

    1. Search for the script name: Disable Tamper Protection
    2. Check the script by clicking on the checkbox.
  3. 3

    Run

    Click on ▶️ Run button at the bottom of the page.

    This button only appears on desktop version (recommended). On browser, use 💾 Save button.

Run commands

Copy and run commands manually Requires technical knowledge
Apply changes
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows Defender\Features!TamperProtection"
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$registryPath = ''HKLM\SOFTWARE\Microsoft\Windows Defender\Features'''+"^""`r`n"^""+'$data = ''4'''+"^""`r`n"^""+''+"^""`r`n"^""+'reg add ''HKLM\SOFTWARE\Microsoft\Windows Defender\Features'' `'+"^""`r`n"^""+'    /v ''TamperProtection'' `'+"^""`r`n"^""+'    /t ''REG_DWORD'' `'+"^""`r`n"^""+'    /d "^""$data"^"" `'+"^""`r`n"^""+'    /f'; Invoke-AsTrustedInstaller $cmd"
:: Set the registry value: "HKLM\SOFTWARE\Microsoft\Windows Defender\Features!TamperProtectionSource"
PowerShell -ExecutionPolicy Unrestricted -Command "function Invoke-AsTrustedInstaller($Script) { $principalSid = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'); $principalName = $principalSid.Translate([System.Security.Principal.NTAccount]); $streamFile = New-TemporaryFile; $scriptFile = New-TemporaryFile; try { $scriptFile = Rename-Item -LiteralPath $scriptFile -NewName ($scriptFile.BaseName + '.ps1') -Force -PassThru; $Script | Out-File $scriptFile -Encoding UTF8; $taskName = "^""privacy$([char]0x002E)sexy invoke"^""; schtasks.exe /delete /tn $taskName /f 2>&1 | Out-Null; $executionCommand = "^""powershell.exe -ExecutionPolicy Bypass -File '$scriptFile' *>&1 | Out-File -FilePath '$streamFile' -Encoding UTF8"^""; $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "^""-ExecutionPolicy Bypass -Command `"^""$executionCommand`"^"""^""; $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries; Register-ScheduledTask -TaskName $taskName -Action $action -Settings $settings -Force -ErrorAction Stop | Out-Null; try { ($scheduleService = New-Object -ComObject Schedule.Service).Connect(); $scheduleService.GetFolder('\').GetTask($taskName).RunEx($null, 0, 0, $principalName) | Out-Null; $timeout = (Get-Date).AddMinutes(5); Write-Host "^""Running as $principalName"^""; while ((Get-ScheduledTaskInfo $taskName).LastTaskResult -eq 267009) { Start-Sleep -Milliseconds 200; if ((Get-Date) -gt $timeout) { Write-Warning 'Skipping: Timeout'; break; }; }; if (($result = (Get-ScheduledTaskInfo $taskName).LastTaskResult) -ne 0) { Write-Error "^""Failed, due to exit code: $result."^""; } } finally { schtasks.exe /delete /tn $taskName /f | Out-Null; }; Get-Content $streamFile } finally { Remove-Item $streamFile, $scriptFile; }; }; $cmd = '$registryPath = ''HKLM\SOFTWARE\Microsoft\Windows Defender\Features'''+"^""`r`n"^""+'$data = ''2'''+"^""`r`n"^""+''+"^""`r`n"^""+'reg add ''HKLM\SOFTWARE\Microsoft\Windows Defender\Features'' `'+"^""`r`n"^""+'    /v ''TamperProtectionSource'' `'+"^""`r`n"^""+'    /t ''REG_DWORD'' `'+"^""`r`n"^""+'    /d "^""$data"^"" `'+"^""`r`n"^""+'    /f'; Invoke-AsTrustedInstaller $cmd"
Help

How to apply or restore "Disable Tamper Protection" using commands

  • ≈ 2 min to complete
  • Tools: Command Prompt
  • Difficulty: Medium
  • ≈ 3 instructions
 View step-by-step guide with screenshots
  1. 1

    Open Command Prompt

    Open Command Prompt as Administrator.
  2. 2

    Copy code

    Copy the code:
    Copy Apply Code Copy Revert Code
  3. 3

    Paste & run

    Paste the commands into Command Prompt and press Enter to run.

    Some changes require a system restart to take effect

Similar Guides

Wider Goal

Guides below includes this guide to achieve a wider goal.

See other more general settings that includes this one as one of its actions.

These plans combine multiple privacy settings, including this one, for stronger protection.

This category disables features that restrict system modifications in Windows. This enables deeper system modifications, enhancing privacy by allowing the removal ...
Visit category page

Same Goal

Other guides in Disable system modification restrictions 

See settings that are in the same category as this guide.

Using other actions in the same category may help you achieve your goal better.

Disable Defender System Guard
Disable Defender Antivirus minifilter driver
Disable Defender Antivirus boot driver
Disable security event monitoring
Disable Secure Boot driver
Disable virtualization-based security (VBS)

About the Creators

These people have authored this documentation and written its scripts:

  • Avatar of undergroundwires. The creator of PrivacyLearn and privacy.sexy. Black and white portrait showing a person wearing a polka dot tie and suit jacket, reflecting the professional expertise behind the privacy protection tools.
    • Certified security professional
    • 7+ years experience securing banks
    • Open-source developer since 2005
    • EU advisor, Public Speaker, Moderator
    • Hundreds across the globe
    • Testers, reviewers, developers
    • Companies, military agencies
    • Community since 2017
About Us

Reviewed By

This guide has undergone comprehensive auditing and peer review:

  • Expert review by undergroundwires

    • Verified technical accuracy and editorial standards
    • Assessed system impact and user privacy risks

  • Public review by large community

    • Privacy enthusiasts and professionals peer-reviewed
    • Millions of end-users tested across different environments

History

We continually monitor our guides, their impact and all other privacy options. We update our guides when new information becomes available. On every update, we publicly store who made the change, what has been changed, why the change was made and when the change was made.

Review Change History Our Change Process